How to take EPOCH time as @timestamp

vikas_gopal · October 21, 2015, 12:53pm

Hi Experts,

I have a filed which has EPOCH time in it e.g "1443463933000". I want to use it as a @ timestamp filed in kibana . So this is what I have done .

Step 1
--> In logstash i used a date filter and set target to this filed i.e
date {
match => ["rt","UNIX"]
target => "rt"
}
Step 2
In mapping I set this field to date type i.e
"mapping": {
"rt": {
"type": "date",
"format": "dateOptionalTime"
}
}

Step3
Now when I am selecting index based on this time in Kibana i got nothing , kibana says no result found .

Is there anything which I need to take care of ?

Thanks
VG

vikas_gopal · October 21, 2015, 2:49pm

Any Suggestion please ?

vikas_gopal · October 21, 2015, 3:14pm

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)

theuntergeek · October 21, 2015, 3:29pm

It looks like you should be using UNIX_MS in your match statement as your number appears to be epoch plus milliseconds.

vikas_gopal · October 21, 2015, 3:31pm

Thank You Aaron, It works for me, but I am getting kind of warnings in LS console

theuntergeek · October 21, 2015, 3:46pm

That's a completely different topic, there. From what I can see, it appears that non-UTF8 data is being sent. You may need to fix your input to coerce a type, or something. Again, please ask that in a different topic as it's no longer relevant to this one.

Topic		Replies	Views
Convert epoch milli to datetime Logstash	6	4863	December 19, 2018
Convert UNIX epoch to local time Logstash	6	4824	May 8, 2017
EPOCH Parsing \| Logstash Logstash	7	1512	March 25, 2020
Convert Epoch time to "yyyy/MM/dd HH:mm:ss.SSS" Logstash	3	839	January 17, 2019
Kibana 4.1.1 unable to map timestamp which is in UNIX Epoch format Kibana	9	11322	July 6, 2017

How to take EPOCH time as @timestamp

Related topics