Timestamp in logstash, elasticsearch, kibana
Tell me please.
When sending a log to logstash, inside the log there is the date it was generated by some application. This date is read by me in @timestamp inside logstash. Is it possible to replace the time displayed as the time the log was received in kibana with this time? And if possible, at what stage (in logstash, elasticsearch or kibana)? Can you give an example of a setting if such actions are possible?
Still relevant? Just today I started tinkering with all this after my question What is a web application for searching log files?
Determining the date is done in the logstash step:
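filter {
  # Apply only to events of type "test"
  if [type] == "test" {
    grok {
      # Extract the application's own timestamp from the raw log line
      match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}" }
    }
    date {
      # Parse the extracted value; the result is written to @timestamp
      match => [ "timestamp", "yyyy-MM-dd HH:mm:ss" ]
    }
  }
}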
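An added example, not part of the original answer: the same grok and date steps, extended so the receipt time is kept in a separate field before @timestamp is replaced, which lets you compare event time and arrival time later in Kibana. The field name received_at, the UTC timezone and the extra ISO8601 match pattern are assumptions to adjust for your source.

```logstash
filter {
  if [type] == "test" {
    # Preserve the time Logstash received the event before @timestamp
    # is overwritten. "received_at" is a field name chosen for this example.
    mutate {
      add_field => { "received_at" => "%{@timestamp}" }
    }

    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}" }
    }

    # Run the date filter only when grok extracted a timestamp. Events that
    # fail here keep the receipt time in @timestamp and carry the
    # _grokparsefailure tag, so they can be found and reviewed.
    if "_grokparsefailure" not in [tags] {
      date {
        # Try the application's format first, then generic ISO8601.
        match => [ "timestamp", "yyyy-MM-dd HH:mm:ss", "ISO8601" ]
        # Assumption: the application writes times in UTC. A timestamp with
        # no zone is otherwise read in the Logstash host's local timezone.
        timezone => "UTC"
        # Applied only when parsing succeeds; on failure the raw value stays
        # in the event together with the _dateparsefailure tag.
        remove_field => [ "timestamp" ]
      }
    }
  }
}
```

Events tagged _grokparsefailure or _dateparsefailure still show the receipt time in Kibana, so filter on those tags to find lines whose embedded date was not applied.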