Unix_ms time to date

elasticforme · February 20, 2020, 8:00pm

I have date_time = 1582225804228
which is Thursday, February 20, 2020 1:10:04.228

when I use following filter it convert that to 2020-02-20T19:10:04.228Z ( which is UTC) time format

But I also want another field created with it which represent CST = 2020-02-20T01:10

this is my code but it didn't work

-- Follwoing works- output to -  2020-02-20T19:10:04.228Z (UTC)

date { match => ["date_time", "UNIX_MS","ISO8601"]
      target => "date_time"
   }


-- This do not work what ever I do. it still print time in UTC i.e 19:10
date {   match => ["date_time_timezone", "UNIX_MS","ISO8601"]
      timezone => "CST6CDT"
      target => "date_time_timezone"
   }

How do I convert this in to -6 hour ?

ITIC · February 21, 2020, 7:15am

Hi

To convert time to your local time you can use a ruby{} filter like this:

  date { match => ["date_time", "UNIX_MS","ISO8601"]
             target => "date_time"
        }

  ruby {
    code => "
      event.set('date_time_timezone', event.get('date_time').time.localtime.strftime('%Y-%m-%d %H:%M:%S'))
    "
  }

Adjust the time format to match your needs.

Hope this helps

elasticforme · February 21, 2020, 3:36pm

@ITIC this is exactly what I wanted. Thank you

I just did add following after ruby. that made that time exactly same as my local time.
and now I have two timestamp in index one is UTC one is local.
kibana I use UTC time
sql I use local time.

   date { match => ["date_time_timezone", "yyyy-MM-dd HH:mm:ss"]
      timezone => "Etc/UTC"
      target => "date_time_timezone"
   }

system · March 20, 2020, 3:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.