Ingest @timestamp

Hello. I have a log file where the timestamp is [2023-04-05 07:42:35]. I made an ingest pipeline:

PUT _ingest/pipeline/fe-logs-json
{
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": [
          "\\[%{FEDATE:time}\\] \\n %{SPACE}%{WORD}: %{GREEDYDATA:out.error}\\n%{GREEDYDATA:out.message}"
        ],
        "pattern_definitions": {
          "FEDATE": "%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND}"
        }
      }
    },
    {
      "json": {
        "field": "out.message"
      }
    },
    {
      "date": {
        "field": "time",
        "formats": [
          "yyyy-MM-dd HH:mm:ss ZZ",
          "yyyy-MM-dd HH:mm:ss"
        ],
        "target_field": "@timestamp",
        "output_format": "yyyy-MM-dd'T'HH:mm:ss"
      }
    }
  ]
}

But the test pipeline shows an odd result:

        "_ingest": {
          "timestamp": "2023-04-05T08:26:46.395830616Z"

But at the top of the test result the timestamp is correct:

{
  "docs": [
    {
      "doc": {
        "_index": ".ds-filebeat-8.7.0-2023.04.05-000001",
        "_id": "DiY2UIcBLNg0KMokykEP",
        "_version": "-3",
        "_source": {
          "input": {
            "type": "filestream"
          },
          "agent": {
            "name": "srv1",
            "id": "c3b287a9-e7e2-4ae9-be64-ea10f08e158a",
            "type": "filebeat",
            "ephemeral_id": "3033d936-56bd-4bb3-9ccc-369740c241db",
            "version": "8.7.0"
          },
          "@timestamp": "2023-04-05T07:42:35",
          "ecs": {
            "version": "8.0.0"
          },

Could someone please point me in the right direction? What did I do wrong?

Well, now I see that

        "_ingest": {
          "timestamp": "2023-04-05T08:26:46.395830616Z"

changes any time I press "Refresh result" and corresponds with the time I pressed the button.

All fine, I looked at the wrong place; ingest @timestamp works as expected.
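
An added illustration of the distinction this thread arrives at (not code from the poster or from Elastic): a Python emulation of the pipeline's timestamp extraction and date parsing, showing that `@timestamp` is derived from the log line and stays fixed, while `_ingest.timestamp` follows the moment of processing. The function names, the sample line and the second processing time are assumptions; the log time is treated as UTC, which is the date processor's default when no `timezone` is set.

```python
import re
from datetime import datetime, timezone

# Regex equivalent of the thread's FEDATE grok definition inside the brackets.
FEDATE = re.compile(r"\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]")
# strptime equivalents of the pipeline's two date formats, tried in order.
FORMATS = ["%Y-%m-%d %H:%M:%S %z", "%Y-%m-%d %H:%M:%S"]


def parse_event_time(message):
    """Extract the bracketed log time and parse it the way the date processor would."""
    match = FEDATE.search(message)
    if match is None:
        raise ValueError("no [yyyy-MM-dd HH:mm:ss] timestamp in message")
    for fmt in FORMATS:
        try:
            parsed = datetime.strptime(match.group(1), fmt)
        except ValueError:
            continue  # FEDATE captures no zone, so the first format never matches
        if parsed.tzinfo is None:
            # Assumption: no zone in the log line, so treat it as UTC.
            parsed = parsed.replace(tzinfo=timezone.utc)
        return parsed.astimezone(timezone.utc)
    raise ValueError("timestamp matched no configured format")


def simulate(message, processed_at):
    """Return the two timestamps the thread compares, plus the gap between them."""
    event = parse_event_time(message)
    return {
        "@timestamp": event.strftime("%Y-%m-%dT%H:%M:%S"),  # the pipeline's output_format
        "_ingest.timestamp": processed_at.strftime("%Y-%m-%dT%H:%M:%S.%fZ"),
        "lag_seconds": (processed_at - event).total_seconds(),
    }


# Constructed sample line using the log time from the thread. The first processing
# time is the thread's _ingest.timestamp (truncated to microseconds); the second is
# a made-up "Refresh result" click 30 seconds later.
LINE = "[2023-04-05 07:42:35] \n  ERROR: constructed sample\n{}"
first = simulate(LINE, datetime(2023, 4, 5, 8, 26, 46, 395830, tzinfo=timezone.utc))
second = simulate(LINE, datetime(2023, 4, 5, 8, 27, 16, 395830, tzinfo=timezone.utc))

if __name__ == "__main__":
    for run in (first, second):
        print(run)
```

The gap between the two values is the ingest lag, which is worth keeping in mind when building timelines: event ordering should use `@timestamp`, not the processing time.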
