Logstash KV plugin, convert string values to timestamp Logstash

Question

I am using Logstash 5.5 to parse my logs. I have following format of the logs:

time taken for doing transfer once for all files in seconds=23 transfer start time= 201708030959 transfer end time = 201708030959.

I am using KV plugin to get the key/value pair from this file. I want to convert received "time" key's value "201708030959" to actual timestamp. I am using following configuration:

filter {
        kv {
                allow_duplicate_values => false
                trim_key => "\s"
                value_split => "="
        }

        date {
           match => ["time","YYYYMMddHHmm"]
        }

}

But, it does not convert "time" to date/timestamp when I check in Kibana. It keeps it as String. Please let me know how can I convert this string time value to actual timestamp?

Answer 1

The date filter is used to parse a text field and use it as the timestamp for the log event.

If you take a look at your events in kibana or elastic search, as long as your date filter config is correct, you should find a field called timestamp of type date with the same value of your time string field.

If that's the case you can remove your time field with the mutate filter if you wish.