I'm following the link below to set up the collectd and logstash while storing the data in the ES.
https://www.elastic.co/guide/en/logstash/current/plugins-codecs-collectd.html
Just wondering what does the timestamp in ES represent? Is it time being loaded to ES? Can I use the time when the collectd collected or sent the data or something like that?
Thanks.
The @timestamp field is the event timestamp from collectd. The codec does all of the translation for you.
That's great! And thanks for sharing the exact code for that.
I asked this question as I use elastalert to query the events I found sometimes the elastalert responds with less hits than the count I can find from ES within the same query window. I came to know query_delay option of the rule but wondering if there is any other option to take. Thinking how to to speed up the indexing time to ES.
Thanks!
That's a different question altogether. To preserve this thread as collectd-specific, I ask that you launch a new discussion, or find one of the many excellent ones on that topic.
Okay, appreciate your help!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.