I have some nested data in my log in the form of unix time, and I am trying to convert it to a time stamp, this is an example of the data I want to convert into a time stamp,
{
"upstream_uri": "\/request",
"route": {
"response_buffering": true,
"https_redirect_status_code": 426,
"preserve_host": false,
"strip_path": true,
"created_at": 1629982852,
"updated_at": 1629987382,
}
}
And this my configuration
filter {
date {
match => ["[route,created_at]","UNIX_MS"]
}
}
I've tried some changes in the date filter but still no change
I think your input json should not have a comma after the "udated_at" line to be valid json. Also, the timestamp looks like it is not milliseconds. Also, you should modify the syntax for accessing the sub-object.
The following works:
generator {
lines => [
'{"upstream_uri": "\/request", "route": {"created_at": 1629982852}}'
]
count => 1
codec => "json"
}
}
filter {
date {
match => ["[route][created_at]","UNIX"]
target => ["timestamp_created_at"]
}
}
output {
stdout { }
}
And creates the following output:
{
"@version" => "1",
"route" => {
"created_at" => 1629982852
},
"host" => "New2020MacBook.lan",
"sequence" => 0,
"@timestamp" => 2021-12-17T11:24:25.506Z,
"upstream_uri" => "/request",
"timestamp_created_at" => 2021-08-26T13:00:52.000Z
}