Mandragor
Reputation: 5544
How to convert a an unixtimestamp to a proper timestamp in logstash
I would like to extract the timestamp from the entry coming in the format below (and possibly also the programm name). How would I convert this entry into a proper logstash timestamp? I guess this can be done via a filter, but i have only examples where strings where extracted, but how would i convert this entry back to a date time string?
[36931.604673] anacron[502]: Job `cron.weekly' terminated
[36931.541637] anacron[502]: Job `cron.weekly' started
Upvotes: 0
Views: 1059
Answers (1)
pandaadb
Reputation: 6456
The date filter can parse unix timestamps.
This would be the filter:
date {
match => [ "message", "UNIX" ]
target => "my_timestamp"
}
Note:
Message will be the grok field you parse your timestamp to. The date filter will then come after.
I tested this with only the timestamp, and stdin/stdout gives:
artur@pandaadb:~/dev/logstash$ ./logstash-2.3.2/bin/logstash -f conf2/
Settings: Default pipeline workers: 8
Pipeline main started
36931.604673
{
"message" => "36931.604673",
"@version" => "1",
"@timestamp" => "2016-08-08T12:15:41.538Z",
"host" => "pandaadb",
"my_timestamp" => "1970-01-01T10:15:31.604Z"
}
You can read your docs here:
https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html
Artur
Upvotes: 1
Related Questions
- Get timestamp in the log file by using .conf file logstash
- Converting date to UNIX time in Logstash
- Logstash Grok parsing timestamp field
- Logstash to convert epoch timestamp
- How to convert timeuuid to timestamp in ruby
- logstash convert time to date time
- Change field to timestamp
- logstash convert UTC time to long timestamp
- changing timestamp in logstash 1.4.1
- logstash. convert timestamp to UTC and add to field