File ingest timestamp question

By default, when I ingest a single JSON file, Kibana presents the timestamp at the time of the ingesting process. Is there a way to use a timestamp record within the JSON and present it in Kibana as the ingesting time?

Sure, you need to parse your json message using the json filter, and then apply the date filter.

This will store the value of the timestamp record in your document in the @timestamp field.

What do your pipeline and document look like?

Looks like this:

input {
  file {
    start_position => "beginning"
    type => "json"
    codec => "json"
    path => "/data/elastic/*.json"
    sincedb_path => "/dev/null"
  }
}
output {
  elasticsearch {
    hosts => ["10.10.10.10:9200"]
    index => "jenkins"
  }
}
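An added example, not part of the original thread: a filter block that could sit between the input and output sections posted above to apply the date filter mentioned in the reply. The field name event_time, its formats, the UTC timezone and the _no_event_time tag are assumptions, since the thread does not show the document.

```logstash
filter {
  # The file input above uses codec => "json", so each event arrives already
  # parsed and a separate json filter is not needed in this pipeline.
  #
  # "event_time" is a hypothetical field name; replace it with the key that
  # holds the timestamp in your JSON documents.
  if [event_time] {
    date {
      # Assumed formats: ISO8601 strings or epoch milliseconds.
      match => ["event_time", "ISO8601", "UNIX_MS"]
      # @timestamp is the default target; written out here for clarity.
      target => "@timestamp"
      # Assumed; only used when the value carries no UTC offset of its own.
      timezone => "UTC"
      # Default failure tag; the event keeps its ingest-time @timestamp.
      tag_on_failure => ["_dateparsefailure"]
    }
  } else {
    # Constructed tag name, marks events that had no timestamp field at all.
    mutate {
      add_tag => ["_no_event_time"]
    }
  }
}
```

Events that carry either tag still have the ingest time in @timestamp, so filtering on those tags in Kibana shows which records were not re-dated.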
