Hi, I want to replace the "@timestamp" date with the timestamp date of the logs.
my logs format:
2018-09-13 09:53:15,547 [Process-333016][Thread-4] Browser.Info(158) INFO - [CCB 6217003360005849707] page status: complete
i have tried this,
PUT /_ingest/pipeline/logpipeline2
{
"description" : "Pipeline for logs from filebeat2",
"processors": [
{
"grok": {
"field": "message",
"patterns": ["%{TIMESTAMP_ISO8601:logtimestamp} (?< message >(.|\r|\n)*)"]
},
"date" : {
"field" : "logtimestamp",
"target_field" : "@timestamp",
"formats" : ["YYYY-MM-dd HH:mm:ss,SSS"]
}
}
]
}
cant find what is the issue becuase theres no errors shows on elastisearch.log and on filebeat.log.
anyone encounter the same issue?