Logstash version: 6.5.0
How do we convert epoch millisecond to datetime? Thanks in advance.
Below parses data and in Kibana is seen as below which is wrong.
(t) epoch_time: 1542765548000000000
Input log content as below
value=9663.8 1542765548000000000
value=9736.7 1542765548000000000
value=10453.89 1542765548000000000
logstash config file
filter {
grok {
match => { "message" => "value=%{BASE10NUM:cpu_value}\ %{PROG:epoch_time}"}
}
date {
match => [ "epoch_time","UNIX_MS" ]
target => "myTime"
}
}
That looks like nanoseconds and not milliseconds. Drop the last 6 digits and I think you should get the expected timestamp with that date filter.
sumitbiswas
November 21, 2018, 12:04pm
3
Hi Christian,
Thanks for the suggestion. Can you please suggest how do we remove last 6 digits?
Eniqmatic
November 21, 2018, 12:20pm
4
The obvious way would be to divide by 1000000.
You could do this using a ruby filter first:
ruby {
code => "event.set('epoch_time_convert', event.get('epoch_time') / 1000000)"
}
Which will give you a field epoch_time_convert: 1542765548000
Then do:
date {
match => [ "epoch_time_convert","UNIX_MS" ]
target => "myTime"
}
1 Like
The easiest way would probably be to change your grok pattern to capture the last 6 digits separately.
Thanks Eniqmatic and Christian for your suggestions. It solved the problem.
system
December 19, 2018, 1:24pm
7
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.