TechQA.

Logstash parsing unix time in milliseconds since epoch

14.8k views Asked by At

I am trying to match unix time in milliseconds since epoch in logstash/grok using the UNIX_MS pattern and I am getting :

pattern %{UNIX_MS:timestamp} not defined

The UNIX_MS is defined Logstash Date Log, and when I run with --configtest, the test passes, so I would expect this to work.

Example input: 1415731504.54126,metric1,130

My .conf:

filter {
    grok {
     match => [ "message", "%{UNIX_MS:timestamp},%{WORD:metric_type},%{BASE16FLOAT:value}" ]
    }
}
elasticsearch logstash grok
Original Q&A
1

There are 1 answers

3
Alain Collins On BEST ANSWER

UNIX_MS is marked on that pages as a "special exception". You can see in the grok debugger that it doesn't work in a "match".

%{NUMBER:timestamp} will give you the field.

Related Questions in ELASTICSEARCH

Related Questions in LOGSTASH

Related Questions in GROK

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions