Reputation: 759
logstash convert time to date time
I am using logstash to push data from filebeat to elasticsearch. My data has time as hh:mm:ss a (05:21:34 AM). I want to add today's date to it.
This is filter of logstash config
filter{
grok{ some grok pattern to get time}
date {
locale => "en"
match => ["time", "hh:mm:ss a"]
target => "@timestamp"
}
}
But data converted as 2016-01-01T05:21:34.000Z
How can I change it to 2016-10-14T05:21:34.000Z?
Upvotes: 0
Views: 2092
Answers (1)
Reputation: 16362
I think logstash is smart enough to use the current year (as you're seeing), but it's not defaulting the other fields.
You should make a new field with the full datetime string you want. Something like this should work between your grok and date:
grok { }
mutate {
add_field => { "datetime" => "%{+YYYY.MM.dd} %{time}" }
}
date { }
Be sure to change your date{} pattern to use the new datetime field and its format. If you don't want the datetime field after date{} is called, you can either use a metadata field instead, or remove_field as part of date{}.
Upvotes: 1
Related Questions
- Convert a string to date in logstash in json DATA
- How to change date format in logstash
- Logstash convert date duration from string to hours
- Converting date to UNIX time in Logstash
- Logstash date format
- Parse only date part not time logstash
- Change field to timestamp
- logstash convert UTC time to long timestamp
- changing timestamp in logstash 1.4.1
- Logstash change time format