Enable Logstash to send date as epoch in milliseconds

EricPSU · October 5, 2018, 1:05pm

I'm looking for the best way to have Logstash send dates as epoch in milliseconds. My Elasticsearch index has the field mapping below.

"createdDate": {
   "type":   "date",
   "format": "epoch_millis"
}

If I post a document to the index via cURL, the date returns as epoch in milliseconds like this:

"createdDate": 1523302154204

If I post a document to the index via Logstash, the date returns as epoch in seconds like this:

"createdDate": 1523287754

I am able to use the Ruby filter below to force milliseconds, but I feel like there is a better solution.

if ([createdDate]) {
  ruby {    
    code => "event.set('createdDate', (event.get('createdDate').to_i * 1000));"
  }	
}

system · November 2, 2018, 1:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Epoch time in milliseconds with decimal Elasticsearch	4	2074	July 5, 2017
Insert epoch time as "date" field, without converting to ISO8601 format Logstash	2	777	August 3, 2022
Date/time field formatting from csv input Logstash	3	322	April 1, 2023
Ingesting nanoseconds into elasticsearch Logstash	2	645	November 26, 2019
How to index nanoseconds precision events with Logstash (7.10) and type date_nanos Logstash	1	5397	February 21, 2021