How to generate @timestamp in logstash by combining two fields / columns of input csv

Question

We have data that is coming from external sources as below in csv file:

orderid,OrderDate,BusinessMinute,Quantity,Price
31874,01-01-2013,00:06,2,17.9

The data has date in one column and time in another column - I need to generate a time-stamp by combining those two columns together.

I am using csv filter to read the above data from file using below configuration in logstash - which is generating its own timestamp:

input {  
  file {
      path => "/root/data/import/Order.csv"
      start_position => "beginning"
  }
}
filter {
    csv {
        columns => ["orderid","OrderDate","BusinessMinute","Quantity","Price"]
        separator => ","
    } 
}
output {  
    elasticsearch {
        action => "index"
        host => "localhost"
        index => "demo"
        workers => 1
    }
}

How to make the combination of OrderDate + Business Minute as the @timestamp?

Answer 1

Use a mutate filter to combine the OrderDate and BusinessMinute fields into a single (temporary) field, then use the date filter and have it delete the field if it's successful.

filter {
  mutate {
    add_field => {
      "timestamp" => "%{OrderDate} %{BusinessMinute}"
    }
  }
  date {
    match => ["timestamp", "..."]
    remove_field => ["timestamp"]
  }
}