To format a timestamp as a string, use a ruby filter and strftime. There is an example here. To prepend it to the message field you can use
mutate { replace => { "message" => "%{[@metadata][someField]} %{message}" } }To format a timestamp as a string, use a ruby filter and strftime. There is an example here. To prepend it to the message field you can use
mutate { replace => { "message" => "%{[@metadata][someField]} %{message}" } }© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.