Date Processor

Date [date]

This processor parses a date field and outputs the date to the "targetField" in a format that elasticsearch supports.

Date parsing should always have an existing targetField which is already mapped as a date or it should be a new field.

• field
• targetField (default = @timestamp optional)
• formats - An array, one of these: https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html
• timeZone - one of these: https://docs.oracle.com/javase/8/docs/api/java/time/ZoneId.html (optional) You can try to use this timezone list http://joda-time.sourceforge.net/timezones.html but make sure to test because not all zones exist in sawmill. You can also use this tool to find the TZ based on location, https://www.zeitverschiebung.net/en/all-countries.html
• outputFormat - one of these: https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html

Sawmill PREBUILT date parsing FORMATS:

• UNIX
• UNIX_MS
• ISO8601
• ELASTIC

Example

{
  "steps": [
    {
      "date": {
        "config": {
          "field": "timestamp",
          "targetField": "@timestamp",
          "formats": [
            "ISO8601",
            "UNIX_MS"
          ]
        }
      }
    }
  ]
}

{
  "steps": [
    {
      "date": {
        "config": {
          "field": "timestamp",
          "targetField": "@timestamp",
          "timeZone": "Europe/Paris",
          "formats": [
            "MMMM dd.... yyyy hh:mm:ss a 'CEST'",
            "MMMM  d.... yyyy hh:mm:ss a 'CEST'",
            "MMMM d.... yyyy hh:mm:ss a 'CEST'"
          ]
        }
      }
    }
  ]
}