below is my log line , I use the json filter and that works perfectly fine. I just need to get the log time stamp sorted in a readable format .
timestamp:"unix timestamp, in nanoseconds, when the log message was created"

"timestamp": 1497360775545000192,

trying this and isn't working
mutate {

rename field from 'name' to 'browser_name'

rename => { "timestamp" => "logtimestamp" }
}
mutate {
convert => {"logtimestamp" => "integer" }
}

date {
match => ["logtimestamp", "UNIX" ]
target => "logTimestamp_updated"
}

The UNIX pattern assumes the input is seconds but you have nanoseconds. I suggest you use UNIX_MS instead and remove the six last digits of timestamp to turn it into milliseconds. You can use a mutate filter's gsub option to trim digits off the tail end.

Thanks so much for your reply !
It works perfect now!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.