What is the date format to be used with Logstash to match 9 digits millisecond

elasticheart · November 9, 2017, 11:29am

Hi,

I am using Logstash 5.6.3. I have a date time field in my log entry like 07-11-17 13:35:35.656000000 . I would like to use it as my @timestamp, so that I am using date filter to match it and target to @timestamp. As you can see, the millisecond part has 9 digits. If it had 3 digits, I would be using the below format refering this link

date {
    match => [ "datefield", "dd-MM-yy HH:mm:ss.SSS" ]
    target => "@timestamp"
}

Somebody kindly tell me how to match the filter to make use of 9 digits?

Thanks in advance.

Christian_Dahlqvist · November 9, 2017, 11:40am

That timestamp has microsecond precision (9 decimals). Unfortunately timestamps in Elasticsearch only go down to milliseconds (3 decimals) so I do not think you will be able to accurately represent that full timestamp in Elasticsearch. You may need to parse out the last 6 decimals and put these into a separate field.

system · December 7, 2017, 11:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.