I have created .conf file where I am ingesting HTTP endpoints output data in Elasticsearch with the help of http_poller plugin. I want to replace timestamp which is provided by Logstash with the timestamp of at which actual request made for that particular endpoint.
How to use date filter plugin in this case? Please help.
Thanks in advance.
By default @timestamp is, I believe, added as an event is created. There should not be much difference between that and the time when the http_poller runs. You can add the currect time using
filter {
ruby {
code => '
event.set("date", Time.now.strftime("%Y-%m-%d %H:%M:%S")
'
}
}
and then parse that with a date filter. But if something is causing delays between creating events and processing them it may cause delays between the execution of the http_poller and execution of the ruby filter.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.