Hey,
I have an index which is loaded with aggregated data each day at the same time, like so:
I'm trying to use logstash in order to migrate the data to another ES cluster in order to use machine learning capabilities there.
When I migrate the data the @timestamp is the time of the addition to the new index.
I don't want this behavior, and instead want to get the date of the original index from the key.date field.
For example, if the aggregated document was aggregated on 9.5.2021, I want the timestamp of the document to remain the same and not change to be the addition date.
[ The date format of the first index is: 05-15-2021 ]
I've tried using a filter in my logstash for this purpose, like so:
filter {
  mutate {
    convert => { "key.date" => "string" }
  }
  date {
    match => ["key.date", "MM-dd-yyyy"]
    target => "@timestamp"
  }
}
But the @timestamp still picks the current time of the addition to the new index.
Is there anything I'm missing here?
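
Added example, not part of the original post: a variant of the filter above that uses Logstash's bracket field-reference syntax. It assumes the source document nests the date as an object (`key` containing `date`), and the `timezone` value is also an assumption.

```logstash
filter {
  # Assumption: the source document looks like { "key": { "date": "05-15-2021" } }.
  # Logstash addresses a nested field as [key][date]. The bare name "key.date"
  # refers to a top-level field literally called "key.date"; when that field is
  # absent the date filter has nothing to parse and @timestamp keeps the
  # ingestion time.
  date {
    match          => ["[key][date]", "MM-dd-yyyy"]
    target         => "@timestamp"
    timezone       => "UTC"                    # assumed; use the zone the aggregation ran in
    tag_on_failure => ["_dateparsefailure"]    # marks events whose date did not parse
  }
}

output {
  # Temporary check while testing: print each event so the resulting
  # @timestamp and any failure tag can be inspected before indexing.
  stdout { codec => rubydebug }
}
```

Events that carry the `_dateparsefailure` tag reached the filter with a value that did not match `MM-dd-yyyy`; events with no tag and an unchanged `@timestamp` never had the referenced field at all.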