What is the date format to be used with Logstash to match 9 digits millisecond

elasticheart · November 9, 2017, 11:29am

Hi,

I am using Logstash 5.6.3. I have a date time field in my log entry like 07-11-17 13:35:35.656000000 . I would like to use it as my @timestamp, so that I am using date filter to match it and target to @timestamp. As you can see, the millisecond part has 9 digits. If it had 3 digits, I would be using the below format refering this link

date {
    match => [ "datefield", "dd-MM-yy HH:mm:ss.SSS" ]
    target => "@timestamp"
}

Somebody kindly tell me how to match the filter to make use of 9 digits?

Thanks in advance.

Christian_Dahlqvist · November 9, 2017, 11:40am

That timestamp has microsecond precision (9 decimals). Unfortunately timestamps in Elasticsearch only go down to milliseconds (3 decimals) so I do not think you will be able to accurately represent that full timestamp in Elasticsearch. You may need to parse out the last 6 decimals and put these into a separate field.

system · December 7, 2017, 11:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date Format is Malformed Logstash	5	710	October 31, 2018
Logstash date filter convert @timestamp to timestamp in log file issue Logstash	3	423	September 18, 2019
Logstash date filter truncating milliseconds when they are set to 000 Logstash	3	353	April 12, 2023
Date format for YYYY-mm-dd HH:mm:ss,SSS? Logstash	11	61973	May 2, 2017
Logstash/ES date format issue Logstash	7	2374	July 6, 2017

What is the date format to be used with Logstash to match 9 digits millisecond

Related topics