Filebeat - Module Elasticsearch - Parsing date

vasek · November 13, 2019, 7:01am

Hello,
I am using Filebeat Elasticsearch Module, but timestamp is not parsed from elasticsearch logs. Can Filebeat Elasticsearch Module parse timestamp from elasticsearch logs? From some reason I see all collected documents in index with the same timestamp.

I am using Elasticstack components of version 7.0.1.

shaunak · November 13, 2019, 5:57pm

Can you share the following information:

your modules.d/elasticsearch.yml
some sample lines from the Elasticsearch log that are not being parsed correctly
a document from the index corresponding to one of the sample lines from above, showing the badly-parsed timestamp
Elasticsearch generates mutiple log files — please tell us if this is the server log, deprecation log, or some other log.

Thanks,

Shaunak

system · December 11, 2019, 5:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.