Hello,
I was receiving log with this date format Dec 20 12:58:00, for instance. I used SYSLOGTIMESTAMP and it working well.
However when I use this field in Kibana to timestamp field I didn't see nothing at discover.
When I use timestamp I see all logs at discover.
This will depend on what you used to ingest. Normally logs lines like this are ingested by Filebeat or Logstash using the ECS (Elastic Common Schema) which will parse the timestamp in the @timestamp field.
Thank you for answer.
I've setup a new date format in pipeline file(.conf) using date.
After that setup in Kibana index template this new format.
Thank you
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
