I'm following the link below to set up collectd and Logstash and store the data in ES.
https://www.elastic.co/guide/en/logstash/current/plugins-codecs-collectd.html
Just wondering what the timestamp in ES represents. Is it the time the data was loaded into ES? Can I use the time when collectd collected or sent the data, or something like that?
Thanks.
The @timestamp field is the event timestamp from collectd. The codec does all of the translation for you.
That's great! And thanks for sharing the exact code for that.
I asked this question because I use elastalert to query the events, and I found that sometimes elastalert responds with fewer hits than the count I can find in ES within the same query window. I came to know the query_delay option of the rule, but I'm wondering if there is any other option to take. I'm thinking about how to speed up the indexing time to ES.
Thanks!
That's a different question altogether. To preserve this thread as collectd-specific, I ask that you launch a new discussion, or find one of the many excellent ones on that topic.
Okay, appreciate your help!
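
An added example, not part of the original thread and not the Logstash codec's own code: it reads the time part out of a collectd binary-protocol packet and measures the gap between that event time and a later indexing time, the gap that elastalert's query_delay has to cover. The part type numbers come from collectd's binary network protocol; the function names, the host name and the sample packet are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Part type ids from collectd's binary network protocol.
TYPE_HOST = 0x0000
TYPE_TIME = 0x0001      # uint64, whole seconds since the epoch
TYPE_TIME_HR = 0x0008   # uint64, units of 2**-30 seconds


def event_time(packet: bytes):
    """Return the last time part in the packet as a UTC datetime, or None."""
    offset, found = 0, None
    while offset + 4 <= len(packet):
        ptype, plen = struct.unpack_from("!HH", packet, offset)
        # The length field includes the 4-byte header; reject short or overrunning parts.
        if plen < 4 or offset + plen > len(packet):
            raise ValueError(f"malformed part at offset {offset}")
        body = packet[offset + 4:offset + plen]
        if ptype in (TYPE_TIME, TYPE_TIME_HR):
            if len(body) != 8:
                raise ValueError("time part must carry 8 bytes")
            (raw,) = struct.unpack("!Q", body)
            if ptype == TYPE_TIME:
                secs, micros = raw, 0
            else:
                # Integer math keeps sub-second precision that a float would lose.
                secs = raw >> 30
                micros = ((raw & (2**30 - 1)) * 1_000_000) >> 30
            found = (datetime.fromtimestamp(secs, tz=timezone.utc)
                     + timedelta(microseconds=micros))
        offset += plen
    return found


def ingest_lag(packet: bytes, indexed_at: datetime) -> float:
    """Seconds between collectd's event time and the moment the document was indexed."""
    return (indexed_at - event_time(packet)).total_seconds()


def _part(ptype: int, body: bytes) -> bytes:
    return struct.pack("!HH", ptype, 4 + len(body)) + body


# Constructed sample: host part plus a high-resolution time of 1500000000.5 s.
SAMPLE = (_part(TYPE_HOST, b"web01\x00")
          + _part(TYPE_TIME_HR, struct.pack("!Q", (1_500_000_000 << 30) + 2**29)))

if __name__ == "__main__":
    print(event_time(SAMPLE).isoformat())
```

Comparing this lag across real events shows how large a query window offset is needed before all events for that window are searchable.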