Parse 4 digit millisecond timestamp in correct format and then replace @timestamp with log_timestamp

Elastic Stack Logstash
1

I have log time in 4 digit milliseconds
2018-08-30 22:44:34.1524 13273641624629889532273 Error Error saving Api Log data

Tried this to parse it in correct time format but it doesn't work. I have to replace the @timestamp time with log_timestamp

grok
{
match => { "message" => "%{TIMESTAMP_ISO8601:log_timestamp} %{WORD:token} %{LOGLEVEL:loglevel}" }
}
date {
match => [ "log_timestamp","UNIX_MS" ]
target => "logTime"
remove_field => ["log_timestamp"]
match => ["logTime", "YYYY-MM-dd HH:mm:ss,SSS", "YYYY-MM-dd HH:mm:ss", "ISO8601"]
add_field => { "Status" => "Matched"}
remove_field => ["logTime"]
}
}
}
I would appreciate the help on converting this epoch time format to the one which ELK supports.

2

Hello,

Check this link

https://discuss.elastic.co/t/what-is-the-date-format-to-be-used-with-logstash-to-match-9-digits-millisecond/107032/2

3

i saw that, it says "You may need to parse out the last 6 decimals and put these into a separate field."

how to do this?

4

@magnusbaeck Can you help please?

5

Can anybody help with this issue? I need to parse 4 digit millisecond timestamp in ELK supported format?

6

I haven't tried this yet but you can use gsub to get last 4 decimals and store in other field
then you can merge that field with time field

Problem is,, this newly created field will be string

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.