Logstash timestamp appearing as text in Elasticsearch

khat33b · September 12, 2019, 11:07am

I am using Elasticsearch 7.3.1 and Logstash 7.3.1. I am trying to make a field of mine as the Elasticsearch timestamp using the date filter. The data is being inserted properly but the type of @timestamp is coming text. How do I fix this?

My input timestamp is like 1567408605794750813. My code is:

input {
  elasticsearch {
    hosts => "x.x.x.x"
    index => "raw"
    docinfo => true
  }
}
filter {
  mutate {
    convert => {
      "timestamp" => "integer"
    }
  }
  date {
    match => ["timestamp", "UNIX_MS", "ISO8601"]
    target => "@timestamp"
  }
}
output {
  elasticsearch {
    index => "logs-%{app_name}"
    document_id => "%{[@metadata][_id]}"
  }
}

After running the mapping API, I get

"@timestamp" : {
  "type" : "text",
  "fields" : {
    "keyword" : {
      "type" : "keyword",
      "ignore_above" : 256
    }
  }
}

Christian_Dahlqvist · September 14, 2019, 10:29am

As far as I can see that time stamp is not in milliseconds, but rather nanoseconds or similar which is not supported by Elasticsearch.

system · October 12, 2019, 10:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JSON timestamp coming as text Logstash	7	396	November 24, 2023
Issue with grok and timestamp field in apache logs Logstash	3	1152	July 6, 2017
My timestamp can't get converted to a date type Logstash	8	4326	June 27, 2017
Time Filter field name: @timestamp Logstash	2	2099	May 9, 2019
@timestamp - Epoch - Illegal Date Format exception Logstash	3	572	May 31, 2018

Logstash timestamp appearing as text in Elasticsearch

Related topics