Parsing timestamp with extra digits

mladen · August 15, 2018, 12:05pm

Hello,

I have a problem with parsing my Timestamp log. Format is as follows:

2018-08-07 13:31:27.248097

As you can see I have three extra digits for thousandths of a second. I managed to solve it this way:

    mutate {
        split => { "Timestamp" => "." }
        add_field => {
            "DateTime" => "%{[Timestamp][0]}"
            "Secondsss" => "%{[Timestamp][1]}"
        }    
    }

    date {
        locale => "en"
        match => ["DateTime", "yyyy-MM-dd HH:mm:ss"]
        timezone => "Europe/Belgrade"
        target => "@timestamp"
    }

Is there any more elegant solution that will consume less processing time?

BR,
Mladen

Badger · August 15, 2018, 1:01pm

Why not use this?

"yyyy-MM-dd HH:mm:ss.SSSSSSS"

mladen · August 15, 2018, 1:27pm

Thanks a lot it works . Simplest solution is usually the best solution. I didn't now that I can use S six times .

BR,
Mladen

system · September 12, 2018, 1:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.