elasticsearch
almalm, 2013-12-09 18:05:59

Timestamp in logstash, elasticsearch, kibana

Tell me please.
When sending a log to logstash, inside the log there is the date it was generated by some application. This date is read by me in @timestamp inside logstash. Is it possible to replace the time displayed as the time the log was received in kibana with this time? And if possible, at what stage (in logstash, elasticsearch or kibana)? Can you give an example of a setting if such actions are possible?


1 answer(s)
Vsevolod, 2014-01-22
@sevka_fedoroff

Still relevant? Just today I started tinkering with all this after my question "What is a web application for searching log files?"
Determining the date is done in the logstash step:

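filter {
  # Extract the application's own timestamp from the log line into the "timestamp" field
  grok {
    type => "test"
    pattern => "%{TIMESTAMP_ISO8601:timestamp}"
  }
  # Parse that field; on success the date filter writes the result to @timestamp
  date {
    type => "test"
    match => [ "timestamp", "yyyy-MM-dd HH:mm:ss" ]
  }
}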

I have my own custom log with a date like "2014-01-22 17:21:00"
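
What the grok and date steps in the answer do to each event, sketched in Python as an added example (not part of the original answer and not Logstash code): the time written in the log line replaces the receive time in @timestamp, and lines that cannot be parsed keep the receive time and get a failure tag. The function name, the source_tz parameter and the sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Simplified stand-in for grok's TIMESTAMP_ISO8601 (assumption: only the
# "yyyy-MM-dd HH:mm:ss" shape from the answer is matched).
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")


def apply_event_time(message, received_at, source_tz=timezone.utc):
    """Build an event whose @timestamp is the time written in the log line.

    On failure @timestamp stays at the receive time and the event is tagged,
    so lines with a wrong timeline can be found later.
    """
    event = {
        "message": message,
        "@timestamp": received_at.astimezone(timezone.utc).isoformat(),
        "tags": [],
    }
    found = TS_RE.search(message)
    if found is None:
        event["tags"].append("_grokparsefailure")
        return event
    event["timestamp"] = found.group(0)
    try:
        parsed = datetime.strptime(found.group(0), "%Y-%m-%d %H:%M:%S")
    except ValueError:  # looks like a date but is not one, e.g. month 13
        event["tags"].append("_dateparsefailure")
        return event
    # The log line carries no zone, so the source zone must be supplied.
    event["@timestamp"] = parsed.replace(tzinfo=source_tz).astimezone(timezone.utc).isoformat()
    return event


if __name__ == "__main__":
    received = datetime(2014, 1, 22, 18, 0, 0, tzinfo=timezone.utc)  # constructed
    samples = [  # constructed log lines
        "2014-01-22 17:21:00 user login ok",
        "2014-13-45 99:99:99 corrupted entry",
        "entry without any time",
    ]
    for line in samples:
        print(apply_event_time(line, received))
    # Same line from a host logging in UTC+4
    print(apply_event_time(samples[0], received, timezone(timedelta(hours=4))))
```

Searching the stored events for the two failure tags shows which lines are still ordered by receive time instead of the time the application wrote.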
