add_field doesn't appear to work using date filter

[krisATelastic]

• Version: 6.7.x
• Operating System: Ubuntu (DEB Package)
• Config File (if you have sensitive info, please remove it):

input { stdin { codec => json } }

filter {
  date {
    add_field => { "logtimestamp" => "%{[date]} %{[time]}" }
    match => [ "logtimestamp", "dd/MM/yy HH:mm:ss.SSSSSS" ]
  }
}

output { stdout {} }

• Sample Data: {"date":"19/04/25","time":"10:20:34.443879"}
• Steps to Reproduce: Using the above configuration and data, you'll see that the add_field does not construct the logtimestamp field to simplify building a field to match the datestamp using a single filter call.

  {
    "@version" => "1",
        "time" => "10:20:34.443879",
        "host" => "lstest",
        "date" => "19/04/25",
  "@timestamp" => 2019-05-13T11:54:57.645Z
  }

  The same add_field configuration works when using mutate instead no problems, but figured i'd report this for consistency.

  
  input { stdin { codec => json } }

filter { mutate { add_field => { "logtimestamp" => "%{[date]} %{[time]}" } } date { match => [ "logtimestamp", "dd/MM/yy HH:mm:ss.SSSSSS" ] } }

output { stdout {} }

Output

{ "@timestamp" => 2025-04-19T00:20:34.443Z, "host" => "lstest", "date" => "19/04/25", "time" => "10:20:34.443879", "@version" => "1", "logtimestamp" => "19/04/25 10:20:34.443879" }

[TheVastyDeep]

That is expected. add_field is one of the common options ("decoration") that is performed when a filter has successfully executed. Also, the date filter is a no-op if the field to be matched does not exist. So the filter does not successfully match the field, so it does not add_field you are asking it to match.