How to create configure date filter data nested

Rizky_Hudha · December 17, 2021, 8:11am

I have some nested data in my log in the form of unix time, and I am trying to convert it to a time stamp, this is an example of the data I want to convert into a time stamp,

{
  "upstream_uri": "\/request",
   "route": {
         "response_buffering": true,
         "https_redirect_status_code": 426,
         "preserve_host": false,
         "strip_path": true,
        "created_at": 1629982852,
        "updated_at": 1629987382,
    }
}

And this my configuration


filter {
    date {
        match => ["[route,created_at]","UNIX_MS"]
    }
}

I've tried some changes in the date filter but still no change

Alex_Marquardt · December 17, 2021, 11:27am

I think your input json should not have a comma after the "udated_at" line to be valid json. Also, the timestamp looks like it is not milliseconds. Also, you should modify the syntax for accessing the sub-object.

The following works:


  generator {
    lines => [
     '{"upstream_uri": "\/request", "route": {"created_at": 1629982852}}'
    ]
    count => 1
    codec =>  "json"

  }

}
filter {
    date {
        match => ["[route][created_at]","UNIX"]
        target => ["timestamp_created_at"]
    }
}

output {
  stdout { }
}

And creates the following output:

{
                "@version" => "1",
                   "route" => {
        "created_at" => 1629982852
    },
                    "host" => "New2020MacBook.lan",
                "sequence" => 0,
              "@timestamp" => 2021-12-17T11:24:25.506Z,
            "upstream_uri" => "/request",
    "timestamp_created_at" => 2021-08-26T13:00:52.000Z
}

system · January 14, 2022, 11:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.