How to replace @timestamp with field in log

manja · November 3, 2018, 11:31am

I want collectd old access log but @timestamp logstash is a time now
i want replace @timestamp with field = apachetime in log from ex.

{

     "message" =&gt; "xxx.xx.xx.xx 222990 - - [31/Oct/2018:10:38:33 +0700] \"GET /xxxxxxx/xxxxxxxxxxService/xxxxxxxxxxxxxService?channel=XXX&amp;clientIpAddress=xxx.xx.xx.xx&amp;clientWorkstationName=XXXXX&amp;requestDateTime=2018-10-31T10:38:00&amp;transactionReferenceId=20181031103800376&amp;uuid=4ADGTLRGC84HE2C4UPP3C6QQ7D&amp;accountNo=xxxxxx&amp;clientUserId=xxxxxx HTTP/1.1\" 200 2092 MX100010000000000 xxxxxxxx",

      "method" =&gt; "\"GET",

      "remote" =&gt; "xxx.xx.xx.xx",

       "local" =&gt; "xxxxxxxx",

        "host" =&gt; "xxxxxxxx",

        "byte" =&gt; "2092",

  "apachetime" =&gt; "31/Oct/2018:10:38:33 +0700",

      "status" =&gt; 200,

       "elasp" =&gt; 222990,

    "@version" =&gt; "1",

       "ident" =&gt; "-",

        "path" =&gt; "/varlog/access_test.log",

        "auth" =&gt; "-",

  "@timestamp" =&gt; 2018-11-03T11:06:01.527Z,

"request_page" =&gt; "/xxxxxxxService/xxxxxxxService/xxxxxxxService?channel=xxx&amp;clientIpAddress=xxx.xx.xx.xx&amp;clientWorkstationName=xxxxxxx&amp;requestDateTime=2018-10-31T10:38:00&amp;transactionReferenceId=20181031103800376&amp;uuid=4ADGTLRGC84HE2C4UPP3C6QQ7D&amp;accountNo=xxxxxxxxx&amp;clientUserId=xxxxxxx",

         "NO8" =&gt; "MX100010000000000",

         "NO7" =&gt; "HTTP/1.1\""

}

Christian_Dahlqvist · November 3, 2018, 11:48am

This is done using the date filter.

manja · November 4, 2018, 11:02pm

Thank you.

system · December 2, 2018, 11:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.