This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

Parsing UNIX MS Timestamp

Posted on 01-21-2025 07:40 AM
samryanturner
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Can someone provide a code snippet for parsing unix_ms from the field 'timestamp' in a json log? I'm in a documentation rabbit hole and just need some fresh eyes.

I get 'unsupported timestamp value format float64' but can't see a function to convert.

Solved Solved
1 2 151
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
cbryant
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

This should be what you are looking for: 

mutate {
    convert => {
        "timestamp" => "string"
    }
}

date {
    match => [
        "timestamp",
        "UNIX",
        "UNIXMS"
    ]
    on_error => "no_date_match"
}

reference:

View solution in original post

Jump to Solution
2 REPLIES 2

Posted on --/--/---- --:-- AM
cbryant
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

This should be what you are looking for: 

mutate {
    convert => {
        "timestamp" => "string"
    }
}

date {
    match => [
        "timestamp",
        "UNIX",
        "UNIXMS"
    ]
    on_error => "no_date_match"
}

reference:

Jump to Solution

Posted on --/--/---- --:-- AM
samryanturner
Bronze 5
Bronze 5
In response to cbryant
Reply posted on --/--/---- --:-- AM

Thank you, worked like a charm.

Jump to Solution
0 Likes
Top Solution Authors
View all