UNIX_MS expects the input to be the time in milliseconds since the epoch, so to get the expected results you'll want full_timestamp to contain 1493741082289. You can use a ruby filter to divide event-microsecond by 1000 to turn it into milliseconds, then use a mutate filter to simply concatenate event-second and event-microsecond (with no intervening decimal point). Well, the concatenation could of course also be done with the same ruby filter.
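An added example, not part of the original post: plain Ruby showing the seconds-plus-microseconds to epoch-milliseconds conversion, including the case where the millisecond part is below 100 and plain string concatenation drops the leading zeros. The field names come from the post; the helper names and sample values are constructed for illustration.

```ruby
# Added example. Helper names and sample values are constructed.
# Inside a Logstash ruby filter the inputs would come from
# event.get("event-second") / event.get("event-microsecond") and the
# result would be stored with event.set("full_timestamp", ...).

# Epoch milliseconds from separate seconds and microseconds fields.
# Accepts Integers or decimal Strings (base 10 is forced so that a
# zero-padded value such as "005000" is not parsed as octal).
def full_timestamp_ms(event_second, event_microsecond)
  sec  = Integer(event_second.to_s, 10)
  usec = Integer(event_microsecond.to_s, 10)
  unless (0..999_999).cover?(usec)
    raise ArgumentError, "microseconds out of range: #{usec}"
  end
  sec * 1000 + usec / 1000
end

# Concatenation without padding: correct only when the millisecond
# part has three digits.
def naive_concat(event_second, event_microsecond)
  ms = Integer(event_microsecond.to_s, 10) / 1000
  "#{event_second}#{ms}"
end

# Concatenation with the millisecond part zero-padded to three digits,
# which always matches the arithmetic result above.
def padded_concat(event_second, event_microsecond)
  ms = Integer(event_microsecond.to_s, 10) / 1000
  format("%d%03d", Integer(event_second.to_s, 10), ms)
end

if __FILE__ == $0
  # Constructed samples: [event-second, event-microsecond]
  [[1493741082, 289_000], [1493741082, 5_000], ["1493741082", "005000"]].each do |s, us|
    puts "sec=#{s} usec=#{us} " \
         "arith=#{full_timestamp_ms(s, us)} " \
         "naive=#{naive_concat(s, us)} " \
         "padded=#{padded_concat(s, us)}"
  end
end
```

The arithmetic form yields an integer that can be written straight into full_timestamp for the UNIX_MS date pattern.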