Hi guys.
I started playing with ELK (7.3.1 all components), on my CentOS7 test machine.
First problem: I also use Splunk as a big data analyzer/monitoring system... the first gift Splunk gave me is that it recognizes almost every timestamp in a raw log by itself... that's great... I can't find the same feature in ELK, nor in Filebeat. Every raw log type seems to have to be "programmed" with a timestamp config in yml... is it so? Does a feature really not exist to make Filebeat recognize a timestamp by itself?
Ex. Filebeat /var/log/filebeat/ to Logstash->ES, searching in Kibana, fields logged:
Time: Aug 30, 2019 @ 11:11:35.173
@timestamp: Aug 30, 2019 @ 11:11:35.173
message: 2019-08-30T11:11:32.267+0200 INFO [monitoring] [........]
Automatic fields (date type) do not correspond...
Did I lose some config, or really can't Filebeat catch the "2019-08-30T11:11:32.267+0200" string and ingest it as the log entry/message timestamp, but only ingests the event timestamp, i.e. the actual date when the line was "caught"?
Thanks a lot.
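What the post is asking for, in a form you can run offline, as an added example that is not part of the original post and not Filebeat or Logstash code: pull the event time out of the raw `message`, normalize it to UTC, and use it as `@timestamp` while keeping the ingest time aside. This is what a `grok` plus `date` filter pair does in a Logstash pipeline; the Python below goes a little further than the post's single case and tries several common layouts (Beats ISO 8601 with offset, ISO 8601 UTC, Apache access log, syslog). The sample event, the field names `event.ingested` and `ingest_lag_ms`, and the assumed year and zone for syslog lines are all constructed for this example. Keeping the original event time matters for correlation: an ingest-time `@timestamp` orders events by when the shipper read them, not by when they happened.

```python
"""Extract the event timestamp from a raw log line and use it as @timestamp.
Added example: not Filebeat/Logstash code, it only mirrors what grok + date do."""
import re
from datetime import datetime, timezone, timedelta

# (regex, strptime format, needs_year). Most specific layouts first.
# The layouts and samples below are constructed for this example.
PATTERNS = [
    # 2019-08-30T11:11:32.267+0200  (ISO 8601 with numeric offset, as Beats logs)
    (re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{1,6}[+-]\d{4})"),
     "%Y-%m-%dT%H:%M:%S.%f%z", False),
    # 2019-08-30T09:11:32Z  (ISO 8601, UTC, no fraction)
    (re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)"),
     "%Y-%m-%dT%H:%M:%SZ", False),
    # [30/Aug/2019:11:11:32 +0200]  (Apache / nginx access log)
    (re.compile(r"\[(\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]"),
     "%d/%b/%Y:%H:%M:%S %z", False),
    # Aug 30 11:11:32  (classic syslog: no year, no zone, must be assumed)
    (re.compile(r"^([A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2})"),
     "%b %d %H:%M:%S", True),
]


def extract_timestamp(line, default_year=None, default_tz=timezone.utc):
    """Return the event time found in `line` as a UTC datetime, or None.
    default_year / default_tz are assumptions applied only to layouts that
    carry no year or zone (syslog); an ISO offset or CLF offset always wins."""
    for regex, fmt, needs_year in PATTERNS:
        m = regex.search(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), fmt)
        if needs_year:
            ts = ts.replace(year=default_year or datetime.now(timezone.utc).year)
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=default_tz)
        return ts.astimezone(timezone.utc)
    return None


def to_es(ts):
    """Format a UTC datetime the way Elasticsearch stores @timestamp (ms, Z)."""
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


def stamp_with_event_time(event):
    """Return a copy of `event` whose @timestamp is the time parsed from the
    message. The ingest time moves to event.ingested and the gap between the
    two is recorded in ingest_lag_ms (both field names are constructed here).
    Events whose message carries no recognizable timestamp are left as-is."""
    event_time = extract_timestamp(event["message"])
    if event_time is None:
        return dict(event)
    ingested = datetime.strptime(
        event["@timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    out = dict(event)
    out["event.ingested"] = event["@timestamp"]
    out["@timestamp"] = to_es(event_time)
    out["ingest_lag_ms"] = round((ingested - event_time).total_seconds() * 1000)
    return out


# Constructed sample: the post's Filebeat line, with an ingest time stored in
# UTC (Kibana renders @timestamp in the browser's zone, here assumed +0200).
SAMPLE_EVENT = {
    "@timestamp": "2019-08-30T09:11:35.173Z",
    "message": "2019-08-30T11:11:32.267+0200 INFO [monitoring] constructed sample",
}

if __name__ == "__main__":
    fixed = stamp_with_event_time(SAMPLE_EVENT)
    for key in ("@timestamp", "event.ingested", "ingest_lag_ms"):
        print(f"{key}: {fixed[key]}")
```

The same effect in a Logstash pipeline is a `grok` match on `%{TIMESTAMP_ISO8601:log_timestamp}` at the start of `message` followed by a `date` filter with `match => [ "log_timestamp", "ISO8601" ]`, which writes to `@timestamp` by default; the `date` filter, like the code above, converts the `+0200` offset to UTC before storing.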