Accessing array elements in logstash

Question

Accessing array elements in logstash

I am trying to convert this YYYY-MM-DD_HH-MM-SS date structure to YYYY-MM-DD HH: MM: SS in logstash. Here's my filter:

filter {


    csv {
        separator => " "

        columns => ["date","abc","xyz"]
    }

    mutate {

        split => ["date", "_"]
        gsub => [date[1]","-",":"]
        join => ["date", " "] 
    }

}

But I cannot access date [1] even though it exists, sniipet from JSON results:

                 "date" => [
  [0] "2014-09-22",
  [1] "02-35-56" ],

What is the correct syntax to access date [1]? If none exist, what would be an alternative filter to transform this date structure?

+3

logstash gsub

user1411110 24 Sep 14 at 2:21

source to share

1 answer

Ben lim · Accepted Answer · 2014-09-24T04:52:15+0000

You can try to use ruby filter

filter{
    ruby {
        code => "
             temp = event['date']
             event['date'] = temp.split('_')[0] + ' '+ temp.split('_')[1].gsub('-',':')
        "
    }
}

Use ruby code to convert date.

Accessing array elements in logstash

More articles: