Nick
Reputation: 189
Parsing a specific date within logstash
I am trying to parse the following date in logstash 2019-08-01T00:00:00Z/2019-08-02T00:00:00Z
I tried multiple things but nothing worked
Option 1
date{
match => ["timestamp","ISO8601/ISO8601"]
target => "timestamp"
}
Option 2
date{
match => ["timestamp","ISO8601"]
target => "timestamp"
}
Option 3 - The pipeline works but I get dateparsefailure
date{
match => ["timestamp","ISO8601"/"ISO8601"]
target => "timestamp"
}
Upvotes: 0
Views: 98
Answers (1)
Sandeep Kanabar
Reputation: 1302
How about using grok pattern to collect the dates into separate fields and then join them using mutate
filter {
grok {
match => [ "message", "%{TIMESTAMP_ISO8601:date_1}/%{TIMESTAMP_ISO8601:date_2}" ]
tag_on_failure => [ "_failure", "_grokparsefailure" ]
}
if "_failure" not in [tags] {
mutate {
add_field => { "timestamp" => "%{date_1}/%{date_2}"}
}
}
}
Upvotes: 1
Related Questions
- Convert a string to date in logstash in json DATA
- Logstash Date Parsing different
- _dateparsefailure when the date already has a match
- How to parse the date using Date Filter
- Parse only date part not time logstash
- Logstash Parse Date Issue
- Logstash filter parse date format
- Parsing date using Logstash
- Logstash date filter in a special case
- Logstash: Failed parsing date