Hi,
I need to convert @timestamp to epoch and add this new field to the event.
So far I can only add a new field with the content of "@timestamp".
filter {
mutate
{
add_field => ["epochtime", "%{@timestamp}"]
}
}
I'm sure this will be an easy fix although I can't find anything to lead me to my answer.
Please assist.
Thank you,
Rivaan
you can use the ruby filter for this:
input { generator { count => 1 } }
filter {
# for logstash 5.x
ruby { code => "event.set('epoc', event.get('@timestamp').to_i)" }
# for logstash 2.x
# ruby { code => "event['epoc'] = event['@timestamp'].to_i" }
}
output { stdout { codec => rubydebug } }
{
"epoc" => 1478082411,
"sequence" => 0,
"@timestamp" => 2016-11-02T10:26:51.303Z,
"@version" => "1",
"host" => "Joaos-MBP-5.lan",
"message" => "Hello world!"
}
Hi @jsvd,
This works!! Thank you so much! 
Is it possible to also convert this to my timezone?
Thank you so much! 
Rivaan
I've figure out a method to push it into my timezone.
# ruby { code => "event['epoc'] = event['@timestamp'].to_i + 7200" }
Thank you for your help!
hi!!
do you can tell me how i can use this in this case?
1487596174.308 3 10.241.252.78 TCP_DENIED/407 1554 GET http://adrta.com/i? - NONE/- text/html
(access log of squid)
grok { match => [ "message", "%{NOTSPACE:fecha}\s+%{NUMBER:respuestaMS} %{IPV4:ip_user} %{WORD:estado}/%{NUMBER:codigo_http} %{NUMBER:respuestaKB} %{WORD:metodo} %{NOTSPACE:url} %{DATA:user} %{DATA:estado}/%{DATA:ip_srv} %{GREEDYDATA:tipo}" ] }
But I'm missing the date conversion epoch to @timestamp
I have all parsed but I'm missing the date conversion epoch to @timestamp
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.