Timestamp conversion pattern on ingest_node

AndresL · September 12, 2019, 10:36am

Hi,
In an ingest node pipeline, im converting the log event into a timestamp.
The log event is in this format: 2019-09-11 10:12:11,145
and the conversion via ingest_node is removing the TIME: 2019-09-11T00:00:00.000Z

I tried "format": iSO861 (it throws an error) and yyyy-MM-dd hh:mm:ss,SSS, like that (using simulate API)

{
 "pipeline": {
   "description": "Parsing LOg4Net Logs",
   "processors": [
     {
       "grok": {
         "field": "message",
         "patterns":["%{TIMESTAMP_ISO8601:logtimestamp};%{DATA:SystemName}"]
       }
     },
     {
      "date" : {
        "field" : "logtimestamp",
        "formats" : ["yyyy-MM-dd hh:mm:ss,SSS"]
      }
    }
   ]
 },
 "docs": [
   {
     "_index": "log4net",
     "_type": "message",
     "_score": 1,
     "_source": {
       "message": "2019-09-11 10:12:11,145;ApplicationName"
     }
   }
 ]
}

Result is:
"_source": {
"logtimestamp": "2019-09-11 10:12:11,145",
"@timestamp": "2019-09-11T00:00:00.000Z",
"SystemName": "",
"message": "2019-09-11 10:12:11,145;ApplicationName"

AndresL · September 12, 2019, 2:14pm

Sorry my bad,
yyyy-MM-dd HH:mm:ss,SSS should do the trick

system · October 10, 2019, 2:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date parser using ingest node Beats filebeat	1	326	February 6, 2020
Filebeat - Ingest Node - Parsing Date Beats filebeat	2	1109	July 16, 2018
Date processor on ingest node not working Meta Elastic	1	1335	November 7, 2018
Ingest pipeline drops the field as @timestamp while loading Elasticsearch's server and slowlog using filebeat Beats filebeat	10	1449	October 5, 2020
Ingest @timestamp Elasticsearch ingest-pipeline	3	423	May 3, 2023

Timestamp conversion pattern on ingest_node

Related topics