How to transform a timestamp in ms to datetime format?

cdeng · April 17, 2018, 4:56am

for example, i want to tranform a timestamp like 1514736000000 to a datetime format 2018-01-01 00:00:00.000.

also can we directly compare the datetime with > < == or != ?

jochen · April 17, 2018, 7:43am

Graylog 3.0.0 will come with a pipeline function for that: parse_unix_milliseconds().

In Graylog 2.x, there’s unfortunately no simple way to achieve this, since parse_date() doesn’t support creating a date from a UNIX epoch timestamp.

You can try the workaround described in Epoch time to readable datetime stamp.

cdeng · April 18, 2018, 9:11am

it seems when i compare an DateTime object to each other with < or >. systemctl try to cast it into long, and all input message stuck in message journal:

and error report by graylog:

2018-04-18T17:02:46.446+08:00 WARN  [ProcessBufferProcessor] Unable to process message <430acce0-42e7-11e8-86d6-525400cde656>: java.lang.ClassCastException: org.joda.time.DateTime cannot be cast to java.lang.Long

after rewrite the pipeline rules, how to restart to processing those messages in journal?

cdeng · April 18, 2018, 12:42pm

after correct the rules, the processing of message journal move forward.

cdeng · April 18, 2018, 2:12pm

on this other side, can we convert a datetime to long ? i just need compare the log time to now() to make sure the log time is not later than time we analysis it. of course if there is a compare methods(==, !=, <, >, <=, >= ) implementation between datetime objects would be great.

cdeng · April 18, 2018, 2:48pm

it seems that i got wrong datetime by this way.

my caculation as:

	let epoch = parse_date("1970-01-01 00:00:00.000", "yyyy-MM-dd HH:mm:ss.SSS");
	let ts_ms = to_long($message.x2_procedure_end_time_input);
	let end_time = format_date(epoch + millis(ts_ms),"yyyy-MM-dd HH:mm:ss.SSS","+08:00");
	set_field("x2_procedure_end_ms",ts_ms);
	set_field("x2_procedure_end_time",end_time);
	remove_field("x2_procedure_end_time_input");

but i got a result as:

where 1519488016350 should be beijing time 2018-02-25 00:00:16.350 instead of 1970-01-26 04:31:23.647

cdeng · April 19, 2018, 2:10am

eventually found can be caculated as following:

	let epoch = parse_date("1970-01-01 00:00:00.000", "yyyy-MM-dd HH:mm:ss.SSS");
	let ts_ms = to_long($message.x2_procedure_end_time_input);
	let end_time = to_date(epoch + seconds(ts_ms/1000) + millis(ts_ms%1000),"+08:00");
	set_field("x2_procedure_end_ms",ts_ms);
	set_field("x2_procedure_end_time",format_date(end_time,"yyyy-MM-dd HH:mm:ss.SSS","+08:00"));
	remove_field("x2_procedure_end_time_input");

but i cannot achieve a “>” compare between log time and now() in the when condition.

system · May 3, 2018, 11:13am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Replace Timestamp with extracted timestamp issue Graylog Central (peer support) timestamp	6	2707	July 21, 2022
Epoch time to readable datetime stamp Graylog Central (peer support)	8	6597	November 16, 2017
Changing timestamp to servertime recieved Graylog Central (peer support) pipeline-rules , time-stamp-issuespl	9	7561	January 31, 2018
Extract Timestamp from Log and apply it to the index Graylog Central (peer support)	2	3857	May 4, 2018
Nginx log access time stamps cannot be converted Graylog Central (peer support) pipeline-rules , time-stamp-issuespl	7	2554	June 11, 2018

How to transform a timestamp in ms to datetime format?

Related Topics