Need an epoch-based timestamp for some purpose? Logstash can convert timestamps from epoch to other formats but not vice-versa by default. Ruby to the rescue! Adjust the output field name to suit your need.

#####################
## Author: packetrevolt.com
#####################
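## epoch timestamp (whole seconds since 1970-01-01 UTC)
## note: [@metadata] fields are not sent to outputs; use a regular field name if the value must be emitted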
ruby { code => "event.set('[@metadata][epoc]', event.timestamp.to_i)" }
#####################
