To create a date field in logstash

sagarleo · April 4, 2019, 9:29am

I'm trying to create a date field using logstash filter . The field i created extracts time part from logs but when trying to visualize in kibana as date histograms. This newtimestamp field i created in logstash do not appear.
I am using elk 6.6.2 version and filebeat version 6.2.1
Here are the screenshots.

Below is my logstash filter config file.

input {
  beats {
    port => "5044"
  }
}
# The filter part of this file is commented out to indicate that it is
# optional.
filter {
grok {
    match => [ "message", "%{TIMESTAMP_ISO8601:newtimestamp} %{GREEDYDATA:message}" ]
  }

date {
    match => ["newtimestamp", "YYYY-MM-dd HH:mm:ss.SSS"]
    target => "newtimestamp"
  }
}
output {
    elasticsearch {
        hosts => ["http://localhost:9200"]
        index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    }
        stdout {codec => rubydebug}
}

Please help me on this Sir/Ma'am.

BKG · April 6, 2019, 8:55am

You might need to add it in the Kibana index template.

system · May 4, 2019, 9:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date filter plugin successfully matches but doesn't show up in Kibana Logstash	4	412	August 28, 2018
Logstash Date Filter not working on Kibana Logstash	10	882	September 18, 2020
Logstash date extraction in logs Logstash	17	3216	April 10, 2019
Logstash date filter won't parse my date field Logstash	8	1952	July 27, 2017
Unable to convert timestamp to Date field Logstash	13	3120	March 20, 2018

To create a date field in logstash

Related topics