Enable Logstash to send date as epoch in milliseconds

EricPSU · October 5, 2018, 1:05pm

I'm looking for the best way to have Logstash send dates as epoch in milliseconds. My Elasticsearch index has the field mapping below.

"createdDate": {
   "type":   "date",
   "format": "epoch_millis"
}

If I post a document to the index via cURL, the date returns as epoch in milliseconds like this:

"createdDate": 1523302154204

If I post a document to the index via Logstash, the date returns as epoch in seconds like this:

"createdDate": 1523287754

I am able to use the Ruby filter below to force milliseconds, but I feel like there is a better solution.

if ([createdDate]) {
  ruby {    
    code => "event.set('createdDate', (event.get('createdDate').to_i * 1000));"
  }	
}

system · November 2, 2018, 1:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is there a way to map a date to milliseconds since epoch for Logstash? Logstash	6	1724	December 30, 2016
Output date in epoch_millis format Logstash	2	911	November 21, 2017
Epoch time in milliseconds with decimal Elasticsearch	4	2078	July 5, 2017
Insert epoch time as "date" field, without converting to ISO8601 format Logstash	2	795	August 3, 2022
@timestamp - Epoch - Illegal Date Format exception Logstash	3	572	May 31, 2018