shimpi
February 6, 2019, 1:29am
1
I'm parsing a Tomcat log:
2019-01-31 23:25:27,421 INFO SNOW FAA31C764BD69D829C09715487B1E923 [Thread-16]
using:
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:date} %{LOGLEVEL:loglevel} %{WORD:GW} %{WORD:GUID}" }
}
It creates a date field: "date" => "2019-01-31 23:25:27,421"
Please help me convert this date into a long (epoch time).
Thanks in advance!
3 Likes
Badger
February 6, 2019, 1:43am
2
The format is
date { match => [ "date" , "YYYY-MM-dd HH:mm:ss,SSS" ] }
You cannot use @timestamp as the target for anything other than a LogStash::Timestamp.
shimpi
February 6, 2019, 2:11am
3
Thanks for the response @Badger. I was searching around, but in the end could not figure out where my long (epoch) time is.
What I would really want to do is keep the date field intact and copy the corresponding long into a new field, which I could use later.
Thanks in advance!
1 Like
Badger
February 6, 2019, 1:22pm
4
If you want epoch in millis then use this (remove to_s if you want a long rather than a string)
ruby { code => "event.set('epoch', ((event.get('@timestamp').to_f*1000).to_i).to_s)" }
In seconds
ruby { code => "event.set('epoch', event.get('@timestamp').to_i)" }
2 Likes
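Added example, not part of the thread and not Logstash code: a stand-alone Ruby version of the grok, date and ruby steps discussed above, which keeps `date` intact and adds epoch fields using exact integer arithmetic. The names `parse_tomcat_line`, `epoch_s`, `epoch_ms` and the `utc_offset` parameter are assumptions; the log line carries no zone, so the offset (UTC by default here) has to be supplied explicitly.

```ruby
# Added example: plain Ruby, runs outside Logstash.
# SAMPLE is constructed from the line quoted in the question.
SAMPLE = '2019-01-31 23:25:27,421 INFO SNOW FAA31C764BD69D829C09715487B1E923 [Thread-16]'

# Same fields as the grok pattern in the thread: date, loglevel, GW, GUID.
LINE_RE = /\A(?<date>(?<y>\d{4})-(?<mo>\d\d)-(?<d>\d\d) (?<h>\d\d):(?<mi>\d\d):(?<s>\d\d),(?<ms>\d{3})) (?<loglevel>[A-Z]+) (?<GW>\w+) (?<GUID>\w+)/

# parse_tomcat_line and utc_offset are hypothetical names for this example.
# Returns a hash of fields, or nil when the line or its timestamp is invalid.
def parse_tomcat_line(line, utc_offset = '+00:00')
  m = LINE_RE.match(line)
  return nil unless m # no match: comparable to a grok parse failure

  y, mo, d, h, mi, s, ms = %w[y mo d h mi s ms].map { |k| m[k].to_i }
  # Rational seconds keep the millisecond part exact (no float rounding).
  t = Time.new(y, mo, d, h, mi, Rational(s * 1000 + ms, 1000), utc_offset)

  # Time.new silently rolls impossible dates forward (Feb 31 becomes Mar 3),
  # so reject anything that does not round-trip to the original string.
  return nil unless t.strftime('%Y-%m-%d %H:%M:%S,%L') == m[:date]

  {
    'date'     => m[:date],                                # original string kept intact
    'loglevel' => m[:loglevel],
    'GW'       => m[:GW],
    'GUID'     => m[:GUID],
    'epoch_s'  => t.to_i,                                  # seconds since 1970-01-01 UTC
    'epoch_ms' => t.to_i * 1000 + t.nsec / 1_000_000       # milliseconds, as an Integer
  }
rescue ArgumentError
  nil # out-of-range field (e.g. month 13) or malformed offset
end

p parse_tomcat_line(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

The same wall-clock string maps to a different epoch value for each offset, so the zone assumed at ingest should match the zone the application server writes its logs in.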
shimpi
February 6, 2019, 6:40pm
5
Thanks @Badger again for helping me!
1 Like