Christian, we are using ELK + Filebeat to ingest logs from IIS server. We had an issue where the service was not running and some old IIS logs were not imported from 2 weeks ago. I've turned filebeat service and the logs got ingested but the timestamp was used as current time of import. I would like logstash to read timestamp on the actual logs. I found these articles describing similar issue I tried to follow the steps described however was not successful.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.