Mike Hillwig continues his Logstash series:
So far, I’ve done a decent job getting the data into shape. My biggest challenge, though, was the dates and times. Dates are in one field, and the times are in another. Dates look like 2014-02-26 and times look like 0852 Using a traditional datetime datatype would be nice to have, so I’ll have to do it myself. In order to turn a date and time into a datetime, I need to abut the two fields and then convert it.
I accomplished this by using a mutate filter, employing by several add_field commands. Notice how I simply abut the two times.
Read on to see how Mike does it.