How to take EPOCH time as @timestamp

vikas_gopal · October 21, 2015, 12:53pm

Hi Experts,

I have a filed which has EPOCH time in it e.g "1443463933000". I want to use it as a @ timestamp filed in kibana . So this is what I have done .

Step 1
--> In logstash i used a date filter and set target to this filed i.e
date {
match => ["rt","UNIX"]
target => "rt"
}
Step 2
In mapping I set this field to date type i.e
"mapping": {
"rt": {
"type": "date",
"format": "dateOptionalTime"
}
}

Step3
Now when I am selecting index based on this time in Kibana i got nothing , kibana says no result found .

Is there anything which I need to take care of ?

Thanks
VG

vikas_gopal · October 21, 2015, 2:49pm

Any Suggestion please ?

vikas_gopal · October 21, 2015, 3:14pm

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)

theuntergeek · October 21, 2015, 3:29pm

It looks like you should be using UNIX_MS in your match statement as your number appears to be epoch plus milliseconds.

vikas_gopal · October 21, 2015, 3:31pm

Thank You Aaron, It works for me, but I am getting kind of warnings in LS console

theuntergeek · October 21, 2015, 3:46pm

That's a completely different topic, there. From what I can see, it appears that non-UTF8 data is being sent. You may need to fix your input to coerce a type, or something. Again, please ask that in a different topic as it's no longer relevant to this one.