Convert date [string] to an ElasticSearch date field?

asked 2019-06-17

daveh

updated 2019-06-17

Using the Elasticsearch 5.2.0 stage, with a /datetime field formated as 'yyyy-MM-dd HH:mm:ss.SSSZ', I'm trying to convert the /datetime field to an ElasticSearch date field so that I can have Kibana use that as the @timestamp field.

However, using the Field Converter and selecting either the DATETIME/DATE/TIME conversion, SDC sends the converted field as an epoch number which ES recognizes as a number rather than a date/time field

How can have the ElasticSearch stage send a datetime field to ES?

Thanks in advance.

What format is ES expecting for its date fields?

metadaddy ( 2019-06-17 14:06:37 -0600 )

answered 2019-08-14

WebMenace

updated 2019-08-14

Elasticsearch can consume just about every kind of standard date, or datetime strings.

datetime examples:

yyyy-MM-dd HH:mm:ss (2019-08-08 17:55:26)
yyyy-MM-dd HH:mm:ss.SSS (2019-08-08 17:55:26.472)
yyyy-MM-ddTHH:mm:ss.SSS (2019-08-08T17:55:26.472-07:00)

It uses Java JodaTime implementation under the hood too.

But right at this moment I'm struggling with the same problem.

No matter how I transform the field that I want to use for the 'Time Basis', the Elasticsearch designation stage will only deliver a unix epoch to elasticsearch.

I think something is messed up, or the documentation is missing a minor detail. (Currently trying to get the entire stack to build in Eclipse so I can debug)

