Determining custom timestamp for new index does not work

Roy_Levy · May 16, 2021, 10:27am

Hey,

I have an index which is loaded with aggregated data each day at same time, like so:

I'm trying to use logstash in order to migrate the data to another ES cluster in order to use machine learning capabilities there.

When I migrate the data the @timestamp is the time of the addition to the new index.
I don't want this behavior, and instead want to get the date of the original index from key.date field.

For example if the aggregated document was aggregated in 9.5.2021 I want the timestamp of the document remain the same and not change to be the addition date.

[ The date format of the first index is: 05-15-2021 ]

I've tried using filter in my logstash for this cause, like so:

filter
{
        mutate {
                convert => { "key.date" => "string" }
        }
        date {
                match => ["key.date", "MM-dd-yyyy"]
                target => "@timestamp"
        }
}

But the @timestamp still picks the current time of the addition to the new index.
Is there anything I'm missing here?

system · June 13, 2021, 10:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic @timestamp off by almost 3 years Elasticsearch	3	376	July 25, 2018
No data when custom timestamp is used for Time-field while adding new index Kibana	4	1329	April 6, 2017
Documents not getting indexed with custom timestamp Logstash	1	325	October 23, 2018
ELK stack - @timestamp issue Logstash	2	384	August 9, 2020
How does logstash chose which timestamped index to use? Elasticsearch	4	532	July 6, 2017

Determining custom timestamp for new index does not work

Related topics