Grok Pattern for below time stamp

Ravikumar_G · June 9, 2017, 3:55pm

Log FIle

1496975411.858 cqtt=02:30:11 chi=127.0.0.1 cqhm=GET pssc=304 ttms=1 b=0 sssc=304 sscl=0 cfsc=FIN pfsc=FIN crc=TCP_REFRESH_HIT phr=DIRECT uas="teakd 1.9.2/2017-05-01/4e528b7-git" xmt="trace-id=c0a91be7-d68b-4f99-a3b4-ed34c1be98f6;parent-id=0;span-id=0x60f0db9dc92aa283"

1496975411.858

I have tried

date {
match => [ "timestamp", "UNIX" ]
}

Been kicked from logstash servers

{message}], :response=>{"index"=>{"_index"=>"logstash-%{vector}-2017-06-08", "_type"=>"custom_ats_2", "_id"=>"AVyIt25Nac58shWVO-gZ", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [timestamp]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"Invalid format: "1496932309.605" is malformed at "932309.605""}}}}}
[2017-06-08T10:02:57,946][WARN ][logstash.outputs.elasticsearch] Failed action. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-%{vector}-2017-06-08", :_type=>"custom_ats_2", :_routing=>nil}, 2017-06-08T14:31:49.625Z ccdn-ats-tk-vbn-01.newcastlerdc.de.panjde.comcast.net %

Jaxon_Kochel · June 9, 2017, 8:26pm

do you even have a timestamp?

Ravikumar_G · June 13, 2017, 5:30pm

Yes i can see this event time stamp after converting to human readable

1496975411.858

Ravikumar_G · June 13, 2017, 5:32pm

1496975411.858
Timestamp to Human date [batch convert timestamps to human dates]
GMT: Friday, June 9, 2017 2:30:11.858 AM
Your time zone: Thursday, June 8, 2017 10:30:11.858 PM GMT-04:00 DST

system · July 11, 2017, 5:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.