I want to take the value from @timestamp, format it like "yyyy MM dd HH:mm:ss" and prepend it to the message field. Input data is syslog in json format.
To format a timestamp as a string, use a ruby filter and strftime. There is an example here. To prepend it to the message field you can use
mutate { replace => { "message" => "%{[@metadata][someField]} %{message}" } }This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.