My machine time is correct (i.e. June 2018) and I have no reference to timestamp in my grok parser.
But when I parse my log file with logstash, my @timestamp field for all documents is always "January 1st 2015, 00:10:00.000". What's going on?
Also, I set my index name to be partially based on the current date.
index => "example-%{+YYYY.MM.dd}".
And my index name is showing up as "example-2014.12.31".
Did I screw up somewhere?
What does you Logstash configuration look like? What does an event with the incorrect timestamp look like in Elasticsearch?
Heh you're right. I set a custom added field to be the new timestamp as October 2015. But it was showing Jan 2015 because my "MM" (month) was incorrectly set as "mm" (minute). So I got totally confused and didn't link the two together as I forgot my custom timestamp was supposed to overwrite the @timestamp.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.