Filebeat-6.2.3： timestamp issue with output.kafka

Brian_Chung · April 12, 2018, 11:06am

filebeat version: filebeat-6.2.3
kafka version: 0.10.2.1
filebeat.yml as follows:

filebeat.prospectors:

type: log
enabled: ture
paths:
- /opt/filebeat/test.log
  fields:
  log_topic: test
  tag: bdu

output.kafka:
hosts: ["kafka1", "kafka2", "kafka3"]
topic: '%{[fields.log_topic]}'
required_ack: 1

It works perfect, but I have a requirement for changing the default @timestamp format (ISO 8601)
from: "@timestamp": "2018-04-12T10:58:01.787Z"
to: "@timestamp": "2018-04-12T18:58:01.787+08:00"

and I found in the /var/lib/filebeat/registry
the timestamp is exactly the format I need

is it possible to get the timestamp format in /var/lib/filebeat/registry ?

is there any other solution like getting the local time in fields ?

sancroth · April 12, 2018, 11:19am

Have a look at https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html
date {
match => [ "@timestamp", "YYYY-MM-ddddTHH:mm:ssZZ" ]
}
or something like this could work.
You need some testing. Also i wouldn't quite recommend messing with timestamp itself, not sure how kibana/elastic might be affected.Try to create a second field "custom_date"(?) and test on that.

Edit: My bad you are not using logstash, you can't use this approach unless you add logstash in your stack.

Brian_Chung · April 12, 2018, 11:35am

Thanks for the respond

So is it possible to have a field like this:

fields:
timestamp: {local host time}

Cause I haven’t figured out what variable to deal with that

system · May 10, 2018, 11:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.