Hi elastic experts, I am using ECK Beat to collect the container logs of applications deployed in k8s cluster. The type of beat is filebeat. I can see the logs shipped from beat to logstash have the field @timestamp, the precision of timestamp is now milliseconds. The raw log files located in /var/log/containers have the timestamp with higher nanoseconds precision. I guess @timestamp is generated based on the timestamp from the raw log file, I want @timestamp has microseconds precision, how can I configure ECK Beat(or others?) to achieve it? Thanks.
The log shipped to logstash
{
"tags" => [
[0] "beats_input_codec_plain_applied"
],
"@version" => "1",
"k8s" => {
"container" => "logstash",
"pod" => "eck-stack-eck-logstash-ls-1",
"node" => "shc01",
"namespace" => "logging"
},
"@timestamp" => 2024-09-06T03:52:40.697Z,
"message" => " \"k8s\" => {"
}
The raw log in /var/log/containers/
2024-09-06T11:03:59.898513895+08:00 stdout F This is the first task
2024-09-06T11:04:04.900511243+08:00 stdout F This is the first task
2024-09-06T11:04:09.902578864+08:00 stdout F This is the first task