Elasticsearch taking wrong date from my unix time value

raja_gopal · February 12, 2018, 4:10am

Hi

I have created an index with date values in this below format

"LastChangedAt" : {
"type" : "date",
"format" : "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||date_time||epoch_millis"
},

Now in logstash i just parsed the xml file using xml filter

xml {
store_xml => true
source => message
target => parsed_message
force_array => false
remove_field => "message"
}
When i view the data in elasticsearch i see that the date value is just the epoch value in timestamp and it is converting the exact value. I even used the date filter to convert unix value to timestamp and checked but it failed

date {
match => [ "[parsed_message][LastChangedAt]", "UNIX" ]
target => "LastChangedAt"
}

Is it a mistake in configuration, if so is there a possibility to recover ?

system · March 12, 2018, 4:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash datetime filter if else Logstash	8	1830	December 21, 2020
Date filter in logstash Logstash	7	845	February 13, 2022
Parse UNIX timestamp as human readable date while moving the data into elasticsearch Logstash	3	1113	February 4, 2019
Date conversion with Logstash Logstash	5	436	May 20, 2022
Date filter not working Logstash	6	1779	April 29, 2017

Elasticsearch taking wrong date from my unix time value

Related topics