How to replace @timestamp with field in log


(manja) #1

I want to collect an old access log, but the Logstash @timestamp is the current time.
I want to replace @timestamp with the field apachetime from the log, for example:

{
         "message" => "xxx.xx.xx.xx 222990 - - [31/Oct/2018:10:38:33 +0700] \"GET /xxxxxxx/xxxxxxxxxxService/xxxxxxxxxxxxxService?channel=XXX&clientIpAddress=xxx.xx.xx.xx&clientWorkstationName=XXXXX&requestDateTime=2018-10-31T10:38:00&transactionReferenceId=20181031103800376&uuid=4ADGTLRGC84HE2C4UPP3C6QQ7D&accountNo=xxxxxx&clientUserId=xxxxxx HTTP/1.1\" 200 2092 MX100010000000000 xxxxxxxx",
          "method" => "\"GET",
          "remote" => "xxx.xx.xx.xx",
           "local" => "xxxxxxxx",
            "host" => "xxxxxxxx",
            "byte" => "2092",
      "apachetime" => "31/Oct/2018:10:38:33 +0700",
          "status" => 200,
           "elasp" => 222990,
        "@version" => "1",
           "ident" => "-",
            "path" => "/varlog/access_test.log",
            "auth" => "-",
      "@timestamp" => 2018-11-03T11:06:01.527Z,
    "request_page" => "/xxxxxxxService/xxxxxxxService/xxxxxxxService?channel=xxx&clientIpAddress=xxx.xx.xx.xx&clientWorkstationName=xxxxxxx&requestDateTime=2018-10-31T10:38:00&transactionReferenceId=20181031103800376&uuid=4ADGTLRGC84HE2C4UPP3C6QQ7D&accountNo=xxxxxxxxx&clientUserId=xxxxxxx",
             "NO8" => "MX100010000000000",
             "NO7" => "HTTP/1.1\""
}


(Christian Dahlqvist) #2

This is done using the date filter.
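
Added example, not part of the original thread or of either poster's configuration: a date filter block for the apachetime field shown in post #1. The pattern is derived from the sample value "31/Oct/2018:10:38:33 +0700"; the remove_field choice and the failure tag name are assumptions.

```logstash
filter {
  date {
    # Parse the Apache-style time already extracted into "apachetime".
    # dd/MMM/yyyy:HH:mm:ss matches "31/Oct/2018:10:38:33",
    # Z matches the numeric UTC offset "+0700".
    match => ["apachetime", "dd/MMM/yyyy:HH:mm:ss Z"]

    # Write the parsed value over the ingest-time @timestamp
    # (this is the filter's default target, stated here for clarity).
    target => "@timestamp"

    # Month abbreviations such as "Oct" are English, so pin the locale
    # instead of inheriting it from the host running Logstash.
    locale => "en"

    # Applied only when parsing succeeds, so a failed event keeps the
    # original string for later inspection.
    remove_field => ["apachetime"]

    # Events that fail to parse keep the ingest time in @timestamp;
    # the tag makes them easy to find before trusting event ordering.
    tag_on_failure => ["_dateparsefailure"]
  }
}
```

Logstash stores @timestamp in UTC, so the sample value 31/Oct/2018:10:38:33 +0700 is indexed as 2018-10-31T03:38:33.000Z. When backfilled logs feed an investigation timeline, filter on the failure tag first, since any event carrying it still has the time of ingestion rather than the time of the request.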


(manja) #3

Thank you.

