Convert unix to standard date/time with milliseconds

tgdesrochers · October 10, 2017, 5:09pm

Elasticsearch 5.6
Logstash 5.6

I have a log that is created with the below field:
unixTime: 1507655093
I am using the below logstash config to parse the date into the @timestamp field:
date { match => ["unixTime", "UNIX"] }
My result is returns a date formatted as:
2017-10-10T17:04:53.000Z

What I expected was to get a date with the milliseconds included. Having all the events that could fire in a second all wrapped into the same timeframe is not ideal for log analysis.

Am I missing something simple to get logstash to output the Epoch with milliseconds?

theuntergeek · October 10, 2017, 6:24pm

It appears your unixTime field doesn't provide millisecond resolution. I pasted it at https://www.epochconverter.com and got: GMT: Tuesday, October 10, 2017 5:04:53 PM, exactly as you get from the date filter.

If your unixTime field value did provide millisecond resolution, you could use UNIX_MS instead of UNIX, and it would capture the milliseconds.

tgdesrochers · October 10, 2017, 10:10pm

Thank you. I will try to get the application, osquery, to give me more
granular times.

Topic		Replies	Views
Convert unix time to date Logstash	4	5507	May 17, 2018
Convert NanoSecond Unix timestamp Logstash	9	1966	February 28, 2023
Logstash date filter in UNIX_MS from two fields Logstash	10	6792	October 5, 2017
LOGSTASH convert unix ms timestamp Logstash	2	3240	September 27, 2017
Logstash Unix Timestamp convert to milliseconds Logstash	2	2128	May 2, 2017

Convert unix to standard date/time with milliseconds

Related topics