Hi,
In 5.x we used to fetch @timestamp as epoch using docvalue_field in the query. We have upgraded to 6.x from 5.x and seeing that @timestamp is in text format even though we use docvalues_field in 6.x. Could you help to fetch timestamp in epoch format.
Below is the output of a query from both the versions
In 5.x it is numeric:
"_source": {
"event_id": "f31f32a2796dac9f9e795347516afe03e57bd843",
"event_timestamp": "2018-02-12T02:50:57.277482+00:00"
},
"fields": {
"event_timestamp": [
1518403857277
]
},
In 6.x it is textual:
"_source": {
"event_id": "f31f32a2796dac9f9e795347516afe03e57bd843",
"event_timestamp": "2018-02-12T02:50:57.277482+00:00"
},
"fields": {
"event_timestamp": [
"2018-02-06T13:35:35.225Z"
]
}