Enable Logstash to send date as epoch in milliseconds

EricPSU · October 5, 2018, 1:05pm

I'm looking for the best way to have Logstash send dates as epoch in milliseconds. My Elasticsearch index has the field mapping below.

"createdDate": {
   "type":   "date",
   "format": "epoch_millis"
}

If I post a document to the index via cURL, the date returns as epoch in milliseconds like this:

"createdDate": 1523302154204

If I post a document to the index via Logstash, the date returns as epoch in seconds like this:

"createdDate": 1523287754

I am able to use the Ruby filter below to force milliseconds, but I feel like there is a better solution.

if ([createdDate]) {
  ruby {    
    code => "event.set('createdDate', (event.get('createdDate').to_i * 1000));"
  }	
}

system · November 2, 2018, 1:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.