How to change the @timestamp field in Kibana to the timestamp of my logs

My log sample is:

2016-09-26 09:27:18,091 [[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'] AUDIT com.rockon.intranet.IRTD.resource.IRTDdoplanAPI - (Request_Timestamp,2016-09-26 09:27:15.969 || Unique_Identifier,rockon_lunch_9f4d3157-b410-4974-a202-dd26ed82f365 || Requester_Id,backendAPI || Channel,intranet || Api_Name,Fetch doplan API || ResponseTime,2122 || Transaction_Status,Failure || ErrorCode,rockon_intranet_IRTD_doplan_EXCEPTION_3615_E || ErrorMessage,description:Error from the backend system. Please check the fault trace for details., trace:No Data Found || KeyResponseparameter,Not available || ApplicationName,lunch)

I want the time in the logs, i.e. 2016-09-26 09:27:18,091, to appear in Kibana in the @timestamp field.

Kindly tell me how to write a date filter for the same.

Use a grok filter to extract the timestamp into a field of its own, then use a date filter with the match pattern set to ISO8601 to parse the timestamp into the @timestamp field. Note that @timestamp is always UTC, so assuming you're in UTC+0530 the example above is going to result in 2016-09-26T03:57:18.091Z.

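The grok-then-date approach described in the answer, written out as a Logstash filter block. This is an added example, not part of the original reply; the field names `log_timestamp` and `log_body` and the `Asia/Kolkata` timezone (taken from the answer's UTC+0530 assumption) are assumptions.

```conf
filter {
  # Pull the leading "2016-09-26 09:27:18,091" into its own field.
  # TIMESTAMP_ISO8601 accepts a space separator and a comma before the millis.
  # log_timestamp and log_body are illustrative field names.
  grok {
    match => { "message" => "^%{TIMESTAMP_ISO8601:log_timestamp} %{GREEDYDATA:log_body}" }
  }

  # Parse the extracted value into @timestamp.
  # The log line carries no UTC offset, so state the source timezone
  # explicitly instead of relying on the Logstash host's default
  # (assumed here to be UTC+0530).
  date {
    match        => ["log_timestamp", "ISO8601"]
    timezone     => "Asia/Kolkata"
    target       => "@timestamp"
    # Only applied when parsing succeeds; on failure the event keeps
    # log_timestamp and is tagged _dateparsefailure for follow-up.
    remove_field => ["log_timestamp"]
  }
}
```

With the sample line above, @timestamp is stored as 2016-09-26T03:57:18.091Z; Kibana then renders it in the browser's timezone.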