Reputation: 435
logstash convert UTC time to long timestamp
i have a request, convert log's time format such as yyyy-MM-dd HH:mm:ss to a long timestamp, but i don't know how to set it in logstash plugin date , anyway suggest will be grateful !
Upvotes: 1
Views: 2302
Answers (2)
Reputation: 7890
You can use a Ruby plugin to do conversion. Here is the sample config
input {
stdin {
}
}
filter {
ruby {
code => "
# yyyy-MM-dd HH:mm:ss
event['parseTime'] = Time.parse(event['message']).to_i
"
}
}
output {
stdout{codec => "rubydebug"}
}
Sample Input:
2015-11-03 15:00:11
Sample Output:
{
"message" => "2015-11-03 15:00:11",
"@version" => "1",
"@timestamp" => "2015-11-03T08:31:27.419Z",
"host" => "BEN_LIM",
"parseTime" => 1446534011
}
The parseTime field is in Timestamp format.
Upvotes: 0
Reputation: 16362
The date{} filter takes two arguments: the field that contains the date string, and another string that specifies the format. The default output is to overwrite the @timestamp field, which is the default document date used by elasticsearch (and kibana).
By converting it to a date, you get to do all the magic elasticsearch date-type stuff with it (like comparing it to 'now', etc).
Upvotes: 1
Related Questions
- How to change date format in logstash
- how to define timezone in logstash timestamp
- Convert log message timestamp to UTC before storing it in Elasticsearch
- Converting date to UNIX time in Logstash
- Logstash to convert epoch timestamp
- logstash convert time to date time
- How to convert a an unixtimestamp to a proper timestamp in logstash
- changing timestamp in logstash 1.4.1
- Logstash timestamp issue - the parsed value is one hour behind the log value
- logstash. convert timestamp to UTC and add to field