It makes sense, but please provide the information requested.
Specifically the entire document that was output, not just a section of it.
Logs of Dec 16:
@timestamp Dec 16, 2020 @ 18:59:59.715
_id _KCkbnYBaWc7eVWEZIer
_index log-2020.12.17
_score -
_type _doc
agent.ephemeral_id 59068176-f55f-437b-97b8-a0933dd9d968
agent.id c2863c1e-bc3d-4d18-8be4-d5db8b214edc
agent.name VM_0_16_centos
agent.type filebeat
agent.version 7.10.0
ecs.version 1.6.0
input.type log
log.file.path somefilepath
log.offset 172,959,393
message [sometext1] [2020-11-30 02:10:17.736] [loglevel] [sometext2] msg
Recent log:
@timestamp Jan 5, 2021 @ 12:56:38.165
_id SUVW1HYBaWc7eVWEYHkl
_index log-node2-2021.01.06
_score -
_type _doc
agent.ephemeral_id ad80e8ba-bbac-4e2c-a33b-09135f3b6553
agent.id c2863c1e-bc3d-4d18-8be4-d5db8b214edc
agent.name VM_0_16_centos
agent.type filebeat
agent.version 7.10.0
dissect.start_time 2021-01-06 04:56:33.698
ecs.version 1.6.0
input.type log
log.file.path somefilepath
log.offset 169,458,666
message [sometext1] [2021-01-05 09:56:17.736] [loglevel] [sometext2] msg
dissect.start_time is working only on recent logs, not on previous ones. I do not think that logs which are sent to ES can have the changes made in Filebeat. I just simply added add_host_metadata: and they are not visible in the Dec 16, 2020 logs.