Search code examples
logstashlogstash-configuration

Convert a string to date in logstash in json DATA

From this source data

2022-01-21 12:25:01,339 {"category":"runtime","some_id":"order","correlation_id":"OEID_1","servid":"143","provision_id":"898769049","operation_name":"CREATE", "processing_state":"ACTIVE","lifecycle_state":"ACTIVE","created":"2022-01-21 12:25:00,369","changed":"2022-01-21 12:25:00,806","runtime":"0.437"}

and my basic logstash config

filter {

  grok {
    match => { message => "^%{TIMESTAMP_ISO8601:logdate}%{SPACE}*%{DATA:json}$" }
    add_tag => [ "matched", "provisioning_runtime" ]
  }

  json {
    source => "json"
    add_tag => [ "json" ]
  }

  # matcher for the @timestamp
  date {
    match => [ "logdate", "ISO8601", "yyyy-MM-dd HH:mm:ss,SSS"]
  }

i tried to convert the created field from string to a date field, but not replacing the @timestamp field. How to insert this in the config, i dont understand this, all i tried doesnt work

Solution

  • You can use something like

     date {
    match => [ "logdate", "ISO8601", "yyyy-MM-dd HH:mm:ss,SSS"]
    target => "logdate"
  }

    Here's the documentation.