Convert unix timestamp to epoch_second and assign to @timestamp

nika · March 21, 2023, 6:58am

I'm sorry if this is covered elsewhere, but I have been having trouble getting this to work.

I have a field in a log being sent to elasticsearch from filebeat. The log is ndjson formatted.

The field is called time and contains a value formatted like so: "1679266923.890941"

I first tried doing the following:

PUT _ingest/pipeline/id
{
  processors [
  {
    "date": {
      "field": "time",
      "formats": [ "epoch_second"]
  }
]
}

This does not put a proper, correct date (the date is several years before the actual date of this timestamp).

So I tried this:

PUT _ingest/pipeline/id
{
  processors [
  {
    "convert" {
      "field": "time",
      "type": "long"
    }
  },
  {
    "date": {
      "field": "time",
      "formats": [ "epoch_second"]
    }
  }
]
}

This produces an error with filebeat.

Any suggestions would be very helpful.

Thanks.

nika · March 22, 2023, 4:54pm

Doing the following solved the issue:

PUT _ingest/pipeline/my_pipeline
{
  "processors": [
    {
      "date":: {
        "field": "time",
        "formats": ["UNIX"]
      }
    }
  ]
}

system · April 19, 2023, 4:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ingest Grok Pipeline - Unix Timestamps Elasticsearch	4	6108	December 5, 2017
Ingestion pipeline milliseconds Kibana ingest-pipeline	11	855	July 14, 2021
Date processor - Pipeline Elasticsearch ingest-pipeline	4	1160	March 19, 2022
Dates in epoch.milliseconds and ingest node Elasticsearch	7	4196	November 4, 2022
Ingest pipeline drops the field as @timestamp while loading Elasticsearch's server and slowlog using filebeat Beats filebeat	10	1449	October 5, 2020

Convert unix timestamp to epoch_second and assign to @timestamp

Related topics