Custom timestamp

scaarup · September 13, 2015, 11:03am

Hi guys. I would like kibana to use my timestamp which are in the logfiles fed from logstash.

My logstash conf looks like:

filter {
if [type] == "dibslog" {
grok {
match => { "message" => "%{DIBSLOG}" }
remove_field => [ "message" ]
}
mutate {
add_field => { "syslogtimestamp" => "%{month} %{day} %{time}" }
}
geoip {
source => "clientip"
target => "geoip"
database => "/etc/logstash/GeoLiteCity.dat"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
mutate {
remove_field => [ "month","day","time","host","offset","file"]
}
date {
match => [ "syslogtimestamp", "MMM dd HH:mm:ss", "MMM d HH:mm:ss" ]
}
}
}

And I actually have the field in Kibana with my syslogtimestamp - example: "Sep 13 13:01:07".

But during kibana's index pattern configuration, Kibana does not show syslogtimestamp on the list of time-fields...

I have added syslogtimestamp to the list of metaFields, but that didn't help.

warkolm · September 13, 2015, 11:19am

What does the mapping for that field look like in ES?

scaarup · September 13, 2015, 11:48am

It is a string, unfortunately...

scaarup · September 13, 2015, 2:23pm

Okay, it is actually working. I have just misunderstood how. It actually updates a different field, @timestamp, which render my own, syslogtimestamp, useless. Fine as it is.

Topic		Replies	Views
Time column it's different than @timestamp field in kibana Kibana elastic-stack-monitoring	3	131	April 8, 2024
Can logstash use syslog time as @timestamp Logstash	2	583	March 6, 2020
Copying @timestamp in custom field not working Logstash	5	1894	July 6, 2017
Change @timestamp to time from actual log file Logstash	6	1726	October 9, 2017
No data when custom timestamp is used for Time-field while adding new index Kibana	4	1329	April 6, 2017

Custom timestamp

Related topics