I want to combine two fields from a logfile and use the result as the timestamp for Logstash.
The logfile is in CSV format and the date format is somewhat confusing. Date and time are formatted like this:
Datum => 17|3|19
Zeit => 19:21:50
I tried the following code.
filter {
  csv {
    separator => ","
    columns => [ "Datum", "Zeit" ]
  }
  mutate {
    merge => { "Datum" => "Zeit" }
  }
  date {
    match => [ "Datum", "d M yy HH:mm:ss" ]
  }
}
The merge part seems to work, with this result:
"Datum" => [
    [0] "17|3|19",
    [1] "23:32:37"
]
But for the conversion of the date I get the following error message:
"_dateparsefailure"
Can someone please help me?
With an event with the following fields:
"Datum" => "17|3|19"
"Zeit" => "19:21:50"
I got a working configuration:
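# Datum becomes an array holding both values
mutate {
  merge => { "Datum" => "Zeit" }
}
# Join the array into a single string, comma separated
mutate {
  join => { "Datum" => "," }
}
# The pattern matches the joined string, including the "|" and "," separators
date {
  match => [ "Datum", "d|M|yy,HH:mm:ss" ]
}
This gives me in the output: "@timestamp":"2019-03-17T18:21:50.000Z"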
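A complete pipeline for the same log format, as an added example that is not part of the answer above. It builds the combined value with `add_field` instead of merge and join, and pins the source time zone so that `@timestamp` does not depend on the Logstash host's local zone. The field name `log_ts`, the `Europe/Berlin` zone and the sample line are assumptions made for this example.

```logstash
# Added example, not from the original thread.
input {
  generator {
    # Constructed sample row in the format described in the question.
    lines => [ "17|3|19,19:21:50" ]
    count => 1
  }
}

filter {
  csv {
    separator => ","
    columns   => [ "Datum", "Zeit" ]
  }

  # Build one string field from both columns.
  # "log_ts" is a hypothetical helper field name.
  mutate {
    add_field => { "log_ts" => "%{Datum} %{Zeit}" }
  }

  date {
    # The "|" characters are literal separators in the pattern.
    match => [ "log_ts", "d|M|yy HH:mm:ss" ]
    # Assumption: the log was written in Central European time.
    # Without this option the date filter uses the host's time zone.
    timezone => "Europe/Berlin"
    tag_on_failure => [ "_dateparsefailure" ]
    # Applied only when parsing succeeds, so a failed event keeps
    # log_ts for inspection.
    remove_field => [ "log_ts" ]
  }
}

output {
  stdout { codec => rubydebug }
}
```

Events tagged `_dateparsefailure` keep their ingest time as `@timestamp`, so it is worth alerting on that tag before relying on these logs for timeline correlation.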