I have a log that is created with the below field: unixTime: 1507655093
I am using the below logstash config to parse the date into the @timestamp field: date { match => ["unixTime", "UNIX"] }
My result is returns a date formatted as: 2017-10-10T17:04:53.000Z
What I expected was to get a date with the milliseconds included. Having all the events that could fire in a second all wrapped into the same timeframe is not ideal for log analysis.
Am I missing something simple to get logstash to output the Epoch with milliseconds?
It appears your unixTime field doesn't provide millisecond resolution. I pasted it at https://www.epochconverter.com and got: GMT: Tuesday, October 10, 2017 5:04:53 PM, exactly as you get from the date filter.
If your unixTime field value did provide millisecond resolution, you could use UNIX_MS instead of UNIX, and it would capture the milliseconds.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.