I am extracting fields from grok expression out of which one field is a timestamp field. Later I am using date filter and matching with timestamp field. But the problem is timestamp field is not consistent always. It may be 2017-11-13 12:53:22.123456 or it may be 2017-11-13 12:53:22.1234. What should I do in this case?
Also if I am not wrong, date flter is used to convert a field from string to date type?
Please suggest me..
You can list multiple date patterns in a single date filter.
Exact pattern would be 2017-11-13 21:30:48:48319. What changes is just the milli second part. It may be 6 digits, 4 digits. So can I just use following,
date {
match => ["timestamp", "ISO8601"]
target => "time"
}© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.