Filebeat -> @timestamp as eventtime

lupolo · December 8, 2016, 7:04pm

Hi,

I have the following source log:

2016-12-08 18:56:49,666 INFO Field1="x" Field1="x1" Field3="3" Field4="4" Field5="5" Field6="x6" ............. Fieldn="xn"

It is shipped by filebeat to elasticsearch.

How can I set the event time "2016-12-08 18:56:49,666" as @timestamp?

Currently, @timestamp is equal to the time the event was indexed.

Thanks,
Lp

warkolm · December 9, 2016, 12:00am

You either need to use ingest node, or Logstash to grok the event and break out the timestamp.
Filebeat will simply send the event as it.

system · January 6, 2017, 12:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How di I map Timestamp to event Timestamp from filebeat thru logstash Logstash	10	501	March 21, 2023
Filebeat / Winlogbeat -> Logstash -> Elastic '@timestamp' problem Logstash	2	356	November 12, 2019
Setting @timestamp in filebeat Beats filebeat	3	16792	July 18, 2018
Filebeat new timestamp field Beats filebeat	3	2603	May 29, 2018
Problem with @timestamp time in indexes Beats filebeat	22	3028	April 7, 2020