We have a server that is currently not forwarding logs for ingesting into elasticsearch. We are about to change that but want to ingest an existing year's worth of logs first.
So that we can run time based searches in kibana, we would like the @timestamp to reflect the syslog_timestamp rather than the time logstash processed the file which I believe is the default. Is this possible and if so, can someone please give me a hint about how. Much appreciate any assistance with this.
Regards, Andrew.
Hi @amhulli - I believe we had related topics around this - for example here. The idea would be to use the date filter plugin.
I hope that helps.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.