Hi techs....
Does anyone have grok pattern available to convert epoch timings to date time format. If yes, could any one do the noble cause and share here..
Have seen couple of posts as below for this where Grok UNIX_MS is used to suffice this requirement. But unluckily when I checked in my environment, I didn't find any such Grok pattern.
TIA,
Deepak Shukla
UNIX_MS is used in a date filter, not in a grok filter.
Hi @Badger and @chenbe2204.. Thanks for your inputs.
Basically below is the logs I am getting from AWS WAF and objective is to convert the epoch to date time format. To achieve this, have tried below pipeline, unfortunately it's not working. Any suggestions...any headups?
{"timestamp":1574785248813,"formatVersion":1,"webaclId":"XXXXXXXXXXXXXXXX-YYYYYYYYYYYYY","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","httpSourceName":"XX"………………………………………………………….
else if [APPLICATION] =~ "aem-waf"
{
json {
source => "message"
}
date
{
match => ["epoch_time", "UNIX_MS"]
target => "timestamp"
}
mutate { add_tag => [ "json_parse" ] }
}
TIA,
Deepak Shukla
Your JSON contains a field called timestamp, not epoch_time.
as Badger said you need something like this
date { match => ["timestamp", "UNIX_MS","ISO8601"]
target => "timestamp"
}
@elasticforme @Badger @ITIC..... Thanks guys. Awesome. It worked well. Thank you so much for all your contribution. Feeling lil relieved 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.