Reading Epoch As @timestamp

ES_USER1 · October 21, 2014, 11:43am

For the life of me my Google searching has not revealed any solution to
this at least none that work for me. I have log data with an Epoch
timestamp in it and would like to use the date filter in Logstash to
overwrite @timestamp with the appropriate converted timestamp derived from
that epoch. Any insight on this would be much appreciated.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/4bd3b3d1-ed8f-4212-92dc-4c7496d7c88d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

vineeth_mohan_2 · October 21, 2014, 12:12pm

Hi ,

What exactly do you mean by "overwrite @timestamp".
It would be also helpful if you can quite an example.

Thanks
Vineeth

On Tue, Oct 21, 2014 at 5:13 PM, ES USER es.user.2014@gmail.com wrote:

For the life of me my Google searching has not revealed any solution to
this at least none that work for me. I have log data with an Epoch
timestamp in it and would like to use the date filter in Logstash to
overwrite @timestamp with the appropriate converted timestamp derived from
that epoch. Any insight on this would be much appreciated.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/4bd3b3d1-ed8f-4212-92dc-4c7496d7c88d%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/4bd3b3d1-ed8f-4212-92dc-4c7496d7c88d%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAGdPd5nPPWmb6FA8y60vrYXR2%3D8B-NJOf_k_ZUEdGyOuUYV1gQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Antonio_Augusto_Sant · October 21, 2014, 2:08pm

If you are using logstash to push your events do ES you need something like
this:

date {
match => [ "<field_with_the_epoch>", "UNIX" ]
}

Read more about it here: Date filter plugin | Logstash Reference [8.11] | Elastic

On Tuesday, October 21, 2014 8:43:08 AM UTC-3, ES USER wrote:

For the life of me my Google searching has not revealed any solution to
this at least none that work for me. I have log data with an Epoch
timestamp in it and would like to use the date filter in Logstash to
overwrite @timestamp with the appropriate converted timestamp derived from
that epoch. Any insight on this would be much appreciated.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/ee39dee4-b113-4fcf-80d6-4d4e7063afc9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

vineeth_mohan_2 · October 22, 2014, 5:08am

Hello Antonio ,

I am aware of this.
The example you have quoted should actually work.
Why do you feel that its not working.

Thanks
Vineeth

On Tue, Oct 21, 2014 at 7:38 PM, Antonio Augusto Santos mkhaos7@gmail.com
wrote:

If you are using logstash to push your events do ES you need something
like this:

date {
match => [ "<field_with_the_epoch>", "UNIX" ]
}

Read more about it here: Date filter plugin | Logstash Reference [8.11] | Elastic

On Tuesday, October 21, 2014 8:43:08 AM UTC-3, ES USER wrote:

For the life of me my Google searching has not revealed any solution to
this at least none that work for me. I have log data with an Epoch
timestamp in it and would like to use the date filter in Logstash to
overwrite @timestamp with the appropriate converted timestamp derived from
that epoch. Any insight on this would be much appreciated.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/ee39dee4-b113-4fcf-80d6-4d4e7063afc9%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/ee39dee4-b113-4fcf-80d6-4d4e7063afc9%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAGdPd5krBWRsCEmEENm0O4oA6SCwUukzTrdQsTnbXbDNVcv1ow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

ES_USER1 · October 22, 2014, 2:25pm

Antonio's example works. My problem was a syntax issue as the Logstash
docs do not really have examples. I was not able to figure out the
formatting.

On Wednesday, October 22, 2014 1:08:33 AM UTC-4, vineeth mohan wrote:

Hello Antonio ,

I am aware of this.
The example you have quoted should actually work.
Why do you feel that its not working.

Thanks
Vineeth

On Tue, Oct 21, 2014 at 7:38 PM, Antonio Augusto Santos <mkh...@gmail.com
<javascript:>> wrote:

If you are using logstash to push your events do ES you need something
like this:

date {
match => [ "<field_with_the_epoch>", "UNIX" ]
}

Read more about it here: Date filter plugin | Logstash Reference [8.11] | Elastic

On Tuesday, October 21, 2014 8:43:08 AM UTC-3, ES USER wrote:

For the life of me my Google searching has not revealed any solution to
this at least none that work for me. I have log data with an Epoch
timestamp in it and would like to use the date filter in Logstash to
overwrite @timestamp with the appropriate converted timestamp derived from
that epoch. Any insight on this would be much appreciated.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/ee39dee4-b113-4fcf-80d6-4d4e7063afc9%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/ee39dee4-b113-4fcf-80d6-4d4e7063afc9%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/cfd1699c-f41d-4501-a931-8887a9bbb585%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Topic		Replies	Views
Overwriting the @timestamp work on stdout but don't work on es Logstash	5	319	September 4, 2020
@timestamp Date Formatter in Elastic Search 1.1.1 .. Logstash 1.4.2 Elasticsearch	1	345	July 6, 2017
@timestamp - Epoch - Illegal Date Format exception Logstash	3	572	May 31, 2018
How to take EPOCH time as @timestamp Logstash	6	4174	July 6, 2017
CSV EPOCH to Timestamp Logstash	3	473	June 13, 2019

Reading Epoch As @timestamp

Related topics