Parsing timestamp with extra digits

mladen · August 15, 2018, 12:05pm

Hello,

I have a problem with parsing my Timestamp log. Format is as follows:

2018-08-07 13:31:27.248097

As you can see I have three extra digits for thousandths of a second. I managed to solve it this way:

    mutate {
        split => { "Timestamp" => "." }
        add_field => {
            "DateTime" => "%{[Timestamp][0]}"
            "Secondsss" => "%{[Timestamp][1]}"
        }    
    }

    date {
        locale => "en"
        match => ["DateTime", "yyyy-MM-dd HH:mm:ss"]
        timezone => "Europe/Belgrade"
        target => "@timestamp"
    }

Is there any more elegant solution that will consume less processing time?

BR,
Mladen

Badger · August 15, 2018, 1:01pm

Why not use this?

"yyyy-MM-dd HH:mm:ss.SSSSSSS"

mladen · August 15, 2018, 1:27pm

Thanks a lot it works . Simplest solution is usually the best solution. I didn't now that I can use S six times .

BR,
Mladen

system · September 12, 2018, 1:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing date format Logstash	3	992	May 7, 2021
Filter with spaces and extra pattern Logstash	3	334	March 6, 2020
Need a date parser for my custom date fielsd Logstash	3	1263	July 6, 2017
Problems parsing time in logstash with date filter Logstash	2	2204	January 26, 2018
Error when DATESTAMP pattern is used to parse the log_timestamp Logstash	2	435	April 5, 2017

Parsing timestamp with extra digits

Related topics