CSV EPOCH to Timestamp

teamg · May 15, 2019, 8:35pm

I have a csv file with contents similar to this:

UNIT_ID,Serial_Number,TIME
UNIT4690,MMC3430089,1557866550
UNIT4691,MMC3500092,1557866545
UNIT4692,MMC5100135,1557866546

This first line are the column names. The TIME column is the EPOCH time of the record retrieval. I'm able to ingest it into Elastic via Logstash but I want the @timestamp to be the time in the TIME column.

My filter is as follows:

filter {
csv {
separator => ","
columns => [ "UNIT_ID" , "Serial_Number" , "Query Date" ]
}
    date {
            match => [ "TIME" , "UNIX" ]
    }
}

When I ingest it now they all have the same @timestamp. What am I missing?

Badger · May 15, 2019, 8:50pm

You renamed the TIME column to field [Query Date] using the columns option of your csv filter.

teamg · May 16, 2019, 3:04pm

Sure did. Replacing it with TIME fixed the problem. Thanks again Badger.

system · June 13, 2019, 3:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.