How to convert parsed date into long (epoch time)

I'm parsing tomcat log

2019-01-31 23:25:27,421 INFO SNOW FAA31C764BD69D829C09715487B1E923 [Thread-16]

using:

grok {
match => { "message" => "%{TIMESTAMP_ISO8601:date} %{LOGLEVEL:loglevel} %{WORD:GW} %{WORD:GUID}" }
}

It creates a date field: "date" => "2019-01-31 23:25:27,421",

Please help me convert this date into a long (epoc time)

Thanks in advance!

The format is

    date { match => [ "date" , "YYYY-MM-dd HH:mm:ss,SSS" ] }

You cannot use @timestamp as the target for anything other than a LogStash::TimeStamp.

Thanks for the response @Badger. I was searching around, but at end could not figure out where's my long (epoc) time?

What I would really want to do is, keep the date field intact and copy the corresponding long in new field, which I could use later.

Thanks in advance!

If you want epoch in millis then use this (remove to_s if you want a long rather than a string)

ruby { code => "event.set('epoch', ((event.get('@timestamp').to_f*1000).to_i).to_s)" }

In seconds

ruby { code => "event.set('epoch', event.get('@timestamp').to_i)" }

Thanks @Badger again for helping me!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.