Hi,
Looking for some direction on how to utilize a combination of Filename (2019/02/21 - YYYY/MM/DD) and the first 8 characters of each line in the file (04:16:50 - HH:NN:SS) instead of the generic @timestamp being utilized by the Time Filter Field Name.
Haven't had much luck searching for answers, it's a pretty basic install of Elasticsearch, Logstash and Kibana on a single server with Filebeats sending the files to Elasticsearch :9200
There's probably a few ways to do this. With Logstash you could:
%{filename_date} %{message_ts}
date filter to set the @timestamp
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.