Hi,
My Filebeat is reading the time that the a log file is created as the timestamp. This is a problem since it does not read every message in the log with a unique time.
What I am trying to do is to parse a json that one of its terms will become the timestamp, that I will be able to get correct graphs. (through Kibana or filebeat)
Here is an example of such a json
{
"msg": "Hello",
"msgSubmissionTime": "1484752676968"
}
Many Thanks for any one who can help
hi @tomer,
I think you'll find better luck in the Beats forum indeed: cf. Changing a term in a json to become the timestamp from filebeat
One thing you can consider in Kibana (but I wouldn't recommend it), is using a scripted field to convert that time-stamp to a date. To get started, see https://www.elastic.co/guide/en/kibana/current/scripted-fields.html. That way, you'll convert the time-stamp on-the-fly at query-time instead of index-time.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.