Date Processor - logzio/sawmill GitHub Wiki
Date [date]
This processor parses a date field and outputs the date to the "targetField" in a format that elasticsearch supports.
Date parsing should always have an existing targetField which is already mapped as a date or it should be a new field.
- field
- targetField (default = @timestamp optional)
- formats - An array, one of these: https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html
- timeZone - one of these: https://docs.oracle.com/javase/8/docs/api/java/time/ZoneId.html (optional) You can try to use this timezone list http://joda-time.sourceforge.net/timezones.html but make sure to test because not all zones exist in sawmill. You can also use this tool to find the TZ based on location, https://www.zeitverschiebung.net/en/all-countries.html
- outputFormat - one of these: https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html
Sawmill PREBUILT date parsing FORMATS:
- UNIX
- UNIX_MS
- ISO8601
- ELASTIC
Example
{
"steps": [
{
"date": {
"config": {
"field": "timestamp",
"targetField": "@timestamp",
"formats": [
"ISO8601",
"UNIX_MS"
]
}
}
}
]
}
{
"steps": [
{
"date": {
"config": {
"field": "timestamp",
"targetField": "@timestamp",
"timeZone": "Europe/Paris",
"formats": [
"MMMM dd.... yyyy hh:mm:ss a 'CEST'",
"MMMM d.... yyyy hh:mm:ss a 'CEST'",
"MMMM d.... yyyy hh:mm:ss a 'CEST'"
]
}
}
}
]
}
{
"steps": [
{
"date": {
"config": {
"field": "timestamp",
"targetField": "@timestamp",
"formats": [
"ISO8601"
],
"outputFormat ": "UNIX_MS"
}
}
}
]
}