Skip to main content

Hello Community,

I have been encountering an error while trying to parse the timestamps in the log below,

To parse the above timesamps, I've attached my code and the error,

date {
    match => ["created", "UNIX_MS", "UNIX"]
    target => "event.idm.read_only_udm.metadata.collected_timestamp"
    # on_error => "no_match"
  }
 
Snip of error:

As per my understanding, the timestamp is in float and not matching with the date functions like "UNIX" or "UNIX_MS"

Can someone please help m to figure out this problem?

Thanks,
Sudeep

Hello sudeep,

I tried converting the timestamp to string and it's parsing.

Here's the code snipped for your reference:

filter {
mutate {
replace => {
"event.idm.read_only_udm.metadata.event_type" => "GENERIC_EVENT"
}
}
json {
source => "message"
array_function => "split_columns"
on_error => "zerror.not_json1"
}
mutate {
convert => {
"created" => "string"
}
}
date {
match => ["created", "UNIX_MS"]
target => "event.idm.read_only_udm.metadata.collected_timestamp"
# on_error => "no_match"
}
mutate {
merge => {
"@output" => "event"
}
}
}

 



Hope that helps!

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.