What is the date format to be used with Logstash to match 9 digits millisecond

elasticheart · November 9, 2017, 11:29am

Hi,

I am using Logstash 5.6.3. I have a date time field in my log entry like 07-11-17 13:35:35.656000000 . I would like to use it as my @timestamp, so that I am using date filter to match it and target to @timestamp. As you can see, the millisecond part has 9 digits. If it had 3 digits, I would be using the below format refering this link

date {
    match => [ "datefield", "dd-MM-yy HH:mm:ss.SSS" ]
    target => "@timestamp"
}

Somebody kindly tell me how to match the filter to make use of 9 digits?

Thanks in advance.

Christian_Dahlqvist · November 9, 2017, 11:40am

That timestamp has microsecond precision (9 decimals). Unfortunately timestamps in Elasticsearch only go down to milliseconds (3 decimals) so I do not think you will be able to accurately represent that full timestamp in Elasticsearch. You may need to parse out the last 6 decimals and put these into a separate field.

system · December 7, 2017, 11:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash date filter truncating milliseconds when they are set to 000 Logstash	3	352	April 12, 2023
Date filter in logstash Logstash	7	844	February 13, 2022
Date format for YYYY-mm-dd HH:mm:ss,SSS? Logstash	11	61930	May 2, 2017
Logstash/ES date format issue Logstash	7	2374	July 6, 2017
Logstash 8.0 @timestamp with nanoseconds precision Logstash	2	585	February 18, 2022

What is the date format to be used with Logstash to match 9 digits millisecond

Related Topics