Logstash: modify apache date format - apache

The grok-filter %{COMBINEDAPACHELOG} formats the timestamp as dd/MMM/YYYY:HH:mm:ss Z however I need the timestamp in the format of yyyy-MM-dd HH:mm:ss
I tried the below configuration
grok {
match => [
"message", "%{COMBINEDAPACHELOG}",
]
break_on_match => false
}
date {
match => [ "timestamp", "yyyy-MM-dd HH:mm:ss" ]
target => ["datetime"]
}
but got the below parsing error:
Failed parsing date from field {:field=>"timestamp", :value=>"19/May/2012:12:40:18 -0700", :exception=>java.lang.IllegalArgumentException: Invalid format: "19/May/2012:12:40:18 -0700" is malformed at "/May/2012:12:40:18 -0700", :level=>:warn}
Would highly appreciate if anyone can throw more light on the same.

The COMBINEDAPACHELOG pattern is expecting the date in the log entry to match the format so it can shove it into the "timestamp" field. It doesn't format your timestamp at all.
Once the date has been grok'ed out into "timestamp", you can use the date{} filter to move it into @timestamp. The pattern you supply there should match whatever's in the field.
So, pass "dd/MMM/yyyy:HH:mm:ss Z" as the format to date{} and you should be all set.
EDIT:
Based on your additional details, I was hoping that you could match each component of the input date and then combine them into a new field. That would work if you were trying to swap, say, firstName and lastName in a string, but dates are more complicated. A simple string swap wouldn't handle converting "Jan" to "01" or deal with timezones at all.
So, we're back to creating a date object and then outputting that as a string in the format you desire.
# convert "timestamp" to a date field "datetime"
date {
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
target => ["datetime"]
}
# convert "datetime" to a string "datestring"
ruby {
code => "
event['datestring'] = event['datetime'].strftime('%Y-%m-%d %H:%M:%S')
"
}

For the latest version of Logstash the code would be:
# convert "datetime" to a string "datestring"
ruby {
code => "event.set('datestring', event.get('datetime').strftime('%Y-%m-%d %H:%M:%S'))"
}

Related

Reverse ordering in Mule4 using Date field

I wanted to do reverse ordering using Date field from highest to lowest (DSC). This question is similar to the below link Reverse ordering in Mule4. Thought small tweaks would make the fix. Tried various ways. Not working. When I try to format date it says the key can't be formatted to date or it complains about -. Any thoughts? Thanks
%dw 2.0
output application/json
var test = { "2022-10-19":[{"kio":"spotage"}] ,
"2022-10-17": [{"kio":"spotage"}] ,
"2022-10-18": [{"kio":"spotage"}]
}
---
test orderBy -($$ as String as Date {format: "yyyy-MM-dd"}
)
Expected Response:
{
"2022-10-19": [
{
"kio": "spotage"
}
],
"2022-10-18": [
{
"kio": "spotage"
}
],
"2022-10-17": [
{
"kio": "spotage"
}
]
}
The orderBy() function seems to be expecting a number to be able to do reverse sorting. A Date cannot be converted directly to a number in DataWeave. However, the date format 'yyyyMMdd' can be converted to a number that can be directly sorted.
Example:
%dw 2.0
output application/json
var test = {
"2022-10-18":[{"kio":"spotage"}],
"2022-10-17": [{"kio":"spotage"}],
"2022-10-19": [{"kio":"spotage"}]
}
---
test orderBy -($$ as String as Date {format: "yyyy-MM-dd"} as String {format: "yyyyMMdd"} as Number)
I modified the input to show that the script actually orders the output.

Can Azure Cosmos DB do this kind of query?

I have a JSON object stored in Azure Cosmos DB, and I'm seeing if there's a way to write workable queries doing basic things like Order By.
The structure looks something like :
[
{
"id":"id1",
"title":"test title",
"dataRecord":{
"version":1,
"dataRecordItems":[
{
"itemTitle":"item title 1",
"type":"string",
"value":"My First Title"
},
{
"itemTitle":"item number",
"type":"number",
"value":1
},
{
"itemTitle":"date",
"type":"date",
"value":"21/11/2019 00:00:00"
}
]
}
},
{
"id":"id2",
"title":"test title again",
"dataRecord":{
"version":1,
"dataRecordItems":[
{
"itemTitle":"item title 2",
"type":"string",
"value":"My Second Title"
},
{
"itemTitle":"item number",
"type":"number",
"value":2
},
{
"itemTitle":"date",
"type":"date",
"value":"20/11/2019 00:00:00"
}
]
}
}
]
I can use ARRAY_CONTAINS to find objects with a particular value, but I run into all kinds of issues if I try to sort by the value of an object which has the title of "date".
So, as an example, I'd like to be able to say something like (pseudoish code here):
SELECT * FROM c WHERE
ARRAY_CONTAINS(c.dataRecord.dataRecordItems,
{"itemTitle":"item title 2", "value" : "My Second Title"}, true)
AND
ARRAY_CONTAINS(c.dataRecord.dataRecordItems,{"itemTitle":"item number", "value" : 2}, true)
ORDER BY < *** SOMEHOW GET THE DATE HERE from itemTitle = date ***
Then, in this simple case, I would get everything returned, but ordered by date.
Obviously in the future I would be pulling out individual fields, but it's all kind of moot if I can't do the first part.
Just wondering if anyone has any great ideas.
Cheers!
You need to store the date in ISO 8601 format:
Year:
YYYY (eg 1997)
Year and month:
YYYY-MM (eg 1997-07)
Complete date:
YYYY-MM-DD (eg 1997-07-16)
Complete date plus hours and minutes:
YYYY-MM-DDThh:mmTZD (eg 1997-07-16T19:20+01:00)
Complete date plus hours, minutes and seconds:
YYYY-MM-DDThh:mm:ssTZD (eg 1997-07-16T19:20:30+01:00)
Complete date plus hours, minutes, seconds and a decimal fraction of a second:
YYYY-MM-DDThh:mm:ss.sTZD (eg 1997-07-16T19:20:30.45+01:00)
where:
YYYY = four-digit year
MM = two-digit month (01=January, etc.)
DD = two-digit day of month (01 through 31)
hh = two digits of hour (00 through 23) (am/pm NOT allowed)
mm = two digits of minute (00 through 59)
ss = two digits of second (00 through 59)
s = one or more digits representing a decimal fraction of a second
TZD = time zone designator (Z or +hh:mm or -hh:mm)
https://www.w3.org/TR/NOTE-datetime
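Why the stored format matters for ORDER BY, as an added example that is not part of the original answer: when date values are compared as strings, "dd/MM/yyyy" text does not sort chronologically, while ISO 8601 text does. The id3 record, the helper names and the choice to treat the zone-less values as UTC are assumptions made for this sketch.

```ruby
require 'date'

SOURCE_FMT = '%d/%m/%Y %H:%M:%S' # the "dd/MM/yyyy HH:mm:ss" values in the question

# Assumption: the stored values carry no zone, so they are treated as UTC here.
# Returns nil for a value that is not a real calendar date in SOURCE_FMT.
def to_iso8601(value)
  DateTime.strptime(value, SOURCE_FMT).strftime('%Y-%m-%dT%H:%M:%SZ')
rescue ArgumentError
  nil
end

# ids ordered by comparing the date values as plain strings
def ids_by_string(docs)
  docs.sort_by { |d| d[:date] }.map { |d| d[:id] }
end

# the same string comparison after each value has been rewritten as ISO 8601
def ids_by_iso_string(docs)
  docs.sort_by { |d| to_iso8601(d[:date]) }.map { |d| d[:id] }
end

# id1 and id2 use the dates from the question; id3 is constructed to expose
# the mis-sort (5 December sorts before 20 November as text).
DOCS = [
  { id: 'id1', date: '21/11/2019 00:00:00' },
  { id: 'id2', date: '20/11/2019 00:00:00' },
  { id: 'id3', date: '05/12/2019 00:00:00' }
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "string order:   #{ids_by_string(DOCS).join(', ')}"
  puts "ISO 8601 order: #{ids_by_iso_string(DOCS).join(', ')}"
end
```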

Eventbrite giving response " wrong datetime format" on hitting event/ endpoint

I am writing a script in Python to create an event. Newbie at this. Below is the entire script code for reference.
import requests,json
from datetime import datetime
event={}
event['name']={}
print("Enter the following:\ntitle of event")
event['name']['html']=input()
event['description']={}
event['description']['html']=input("Event description:\n")
event['start']={}
startdate=datetime.strptime(input("start datetime eg :Jun 1 2005 1:33PM :\n"),'%b %d %Y %I:%M%p')
event['start']['utc']=str(startdate.date())+'T'+str(startdate.time())+'Z'
#event['start']['utc']=startdate.isoformat()+"Z"
#Turning datetime in YYYY-MM-DDThh:mm:ssZ format
event['start']['timezone']=input("timezone eg Asia/kolkata\n")
event['end']={}
enddate=datetime.strptime(input("end datetime eg :Jun 1 2005 1:33PM\n"),'%b %d %Y %I:%M%p')
event['end']['utc']=str(enddate.date())+'T'+str(enddate.time())+'Z'
#event['end']['utc']=enddate.isoformat()+"Z"
event['end']['timezone']=event['start']['timezone']
event['currency']=input("3 letter code")
response = requests.post("https://www.eventbriteapi.com/v3/events/",
headers = {
"Authorization": "Bearer NC.....",
"Content-Type" : "application/json"
},
data=json.dumps({"event":event}),
verify = True, # Verify SSL certificate
)
Strictly followed the docs https://www.eventbrite.com/developer/v3/endpoints/events/
According to docs datatype of event.start.utc and event.start.end data shall be datetime i.e "2010-01-31T13:00:00Z"
We can see in the comments I also tried with isoformat function.
On printing event object I found the same format as specified in the docs.
But receiving response.content as event.start invalid argument or event.start.utc as datetime wrong format use instead "YYYY-MM-DDThh:mm:ssZ" !!
I ran into date issues with Eventbrite too; after debugging found this to work for events:
{ event:
{ name: { html: 'Postman API Event!' },
description:
{ html: 'My fav event is The Winter Formal.' },
start: { timezone: 'America/Los_Angeles', utc: '2018-09-06T00:19:53Z' },
currency: 'USD',
listed: false,
end: { timezone: 'America/Los_Angeles', utc: '2018-09-06T00:20:53Z' } } }
and of course, different date formats in another part of API ;-)
Regarding discounts / cross event discount, where the docs specify a
Naive Local ISO8601 date and time format
First I've heard of the 'Naive' format? Why no example Eventbrite? Here's what worked:
2018-10-11T12:13:14

Wsapi data store filter issues

I am having trouble getting my filter of a defect store working. I am trying to get all the defects that are created after a specific date (Release.ReleaseDate).
_getFilters: function(startDate) {
var dateFilter = Ext.create('Rally.data.wsapi.Filter', {
property: 'CreationDate',
operator: '>',
value: startDate
});
console.log('startDate is: ', startDate); //Sat Aug 23 2014 02:59:59 GMT-0400 (Eastern Daylight Time)
console.log(dateFilter.toString());
return dateFilter;
},
With the above filter, I always get an empty result, even though I have verified that there are indeed some defects that are created after the startDate.
Note: If I remove the filter in the store config, I do see a list of defects.
Am I missing anything?
Thanks
The date has to be converted to ISO format. Assuming you got the release object:
var releaseStartDate = release.get('ReleaseStartDate');
var releaseStartDateISO = Rally.util.DateTime.toIsoString(releaseStartDate,true);
your filter will include this:
{
property : 'CreationDate',
operator : '>',
value : releaseStartDateISO
}
A full example is in this github repo.
It turns out that I need to 'reformat' the startDate to the following form before passing it to the filter.
YYYY-MM-DD

Timezone offset with logstash / redis / ES

I'm trying to configure logstash with redis and elasticsearch.
I have a problem with the @timestamp field.
The value of @timestamp is always the real event timestamp -2 hrs.
I have a shipper configured like this :
input{ file {...}}
filter{
if [type]=="apachelogs"{
grok{
match => [ "message", "%{COMBINEDAPACHELOG}"]
}
date {
locale => "en"
timezone => "Europe/Brussels"
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
}
output{ redis{...}}
and a logstash-indexer like this :
input{ redis {...}}
output { elasticsearch {...}}
The result of an event in ES looks like this :
"@timestamp": "2014-05-21T13:29:53.000Z"
...
"timestamp": "21/May/2014:15:29:53 +0200"
So as you can see there is always a 2hrs offset in the @timestamp and I can't figure out why.
I've tried different things such as changing the timezone etc. without success.
Any idea about this one ?
Thanks
You can use this filter to change timezone.
Change
"@timestamp": "2014-04-23T13:40:29.000Z"
to
"@timestamp": "2014-04-23T15:40:29.000+0200"
Try to use this filter
filter {
ruby {
code => "
event['@timestamp'] = event['@timestamp'].localtime('+02:00')
"
}
}
Hope this can help you.
timezone should work.
What's wrong with your result? Values in following two fields indicate the same time point.
"@timestamp": "2014-05-21T13:29:53.000Z"
"timestamp": "21/May/2014:15:29:53 +0200"
Where Z stands for +0000.
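The point made in the last answer, and the string conversion from the first question on this page, as an added example in plain Ruby (not code from any of the posts): the Apache value is parsed with its offset, the instant is stored in UTC the way date{} stores it, and a "yyyy-MM-dd HH:mm:ss" string rendered from the stored value therefore shows UTC wall-clock time unless the original offset is reapplied. The helper names are assumptions; the sample inputs are the two timestamps quoted on this page plus one constructed malformed value.

```ruby
require 'time'

# strptime equivalent of the Joda pattern "dd/MMM/yyyy:HH:mm:ss Z" used in date{}
APACHE_FMT = '%d/%b/%Y:%H:%M:%S %z'
OUT_FMT    = '%Y-%m-%d %H:%M:%S'

# Returns a Time carrying the log line's own UTC offset, or nil if the value
# does not match the Apache format.
def parse_apache(ts)
  Time.strptime(ts, APACHE_FMT)
rescue ArgumentError
  nil
end

# Mirrors what ends up on the event: the UTC instant, plus the requested
# string rendered both in UTC and in the offset the web server logged.
def normalize(ts)
  t = parse_apache(ts)
  return { tags: ['_dateparsefailure'] } if t.nil?

  utc = t.getutc
  {
    at_timestamp: utc.iso8601(3),
    utc_string: utc.strftime(OUT_FMT),
    logged_string: t.strftime(OUT_FMT),
    offset: t.strftime('%z')
  }
end

# True when an Apache-style value and an ISO 8601 value name the same instant.
def same_instant?(apache_ts, iso_ts)
  parse_apache(apache_ts) == Time.iso8601(iso_ts)
end

if __FILE__ == $PROGRAM_NAME
  samples = ['19/May/2012:12:40:18 -0700', '21/May/2014:15:29:53 +0200',
             '2012-05-19 12:40:18'] # last value is constructed and malformed
  samples.each { |ts| puts "#{ts} => #{normalize(ts)}" }
  puts same_instant?('21/May/2014:15:29:53 +0200', '2014-05-21T13:29:53.000Z')
end
```

When correlating events from hosts in different zones, compare on the UTC instant and keep the logged offset only for display.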