Elastic Agent not matching @timestamp

Cara410 · October 18, 2023, 9:19pm

Hello,
I migrated to Elastic Agent from Filebeat and I am having trouble getting the log timestamp to match the @timestamp. My configuration goes from Elastic Agent -> Logstash -> elasticsearch. I have this in my elastic-agent-pipeline.conf:

date {
         match => [ "tstamp", "yyyy-MM-dd HH:mm:ss.SSS", "ISO8601", "yyyy-MM-dd HH:mm:ss" ]
}
mutate {
	remove_field => ["tstamp"]
 }

It just seems to ignore it completely, no date parse failure or anything.

Any suggestions?

system · November 15, 2023, 9:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
@Timestamp is not matching event timestamp _dateparsefailure Logstash	3	162	November 2, 2023
Make @timestamp the same as Log's timestamp Logstash	5	303	July 21, 2019
Replacing @timestamp correctly Logstash	9	455	March 13, 2019
Replacing @timestamp with timestamp of my log Logstash	18	12649	January 5, 2017
@timestamp not matching date parsed, apache logs Logstash	3	2799	July 6, 2017

Elastic Agent not matching @timestamp

Related topics