Hello,
Within my Kibana, I have an index showing @timestamp and another called "time".
The first issue is the field @timestamp does not match the time in Europe/London.
The second issue is that the time field in the log does not match @timestamp.
This is the json document of the index:
I have tried to add both date filters in turn shown below to try and correct this but no luck.
date {
  match => ["time", "ISO8601"]
  timezone => "Europe/London"
  # target writes the parsed date back into "time"; @timestamp is left unchanged
  target => "time"
}
Has anyone come across this issue before? Thanks.
Okay, I have fixed the first issue with the incorrect @timestamp by using the following config:
date {
  match => ["timestamp", "ISO8601"]
  timezone => "Europe/London"
}
Now with the second issue where the @timestamp and log time were not matching, I tried the following:
grok {
  match => ["time", "%{TIMESTAMP_ISO8601:timestamp}"]
}
date {
  match => ["timestamp", "ISO8601"]
}
This resolved the 2nd issue but this produced another index field called "timestamp"
Solved issue with:
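grok {
  # copy the ISO8601 value from "time" into a temporary "timestamp" field
  match => ["time", "%{TIMESTAMP_ISO8601:timestamp}"]
}
date {
  # parse the temporary field into @timestamp (the default target)
  match => ["timestamp", "ISO8601"]
  # the temporary field is dropped only when the date parse succeeds
  remove_field => ["timestamp"]
}
Hope this helps others in the future!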
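
Added example, not part of the original posts and not Logstash code: a small Python model of the behaviour behind both issues, assuming the "time" field holds ISO8601 strings. The function names and the sample events are constructed for illustration. It shows that @timestamp is stored in UTC, that the timezone option only matters when the log value carries no offset, and that the stored value reads as London time again once converted for display.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo


def apply_date_filter(event, source="time", default_tz="Europe/London",
                      target="@timestamp"):
    """Model of a date filter: parse ISO8601 from `source`, store UTC in `target`."""
    out = dict(event)
    raw = out.get(source)
    try:
        parsed = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        # Unparseable or missing value: tag the event and leave target untouched.
        out["tags"] = list(out.get("tags", [])) + ["_dateparsefailure"]
        return out
    if parsed.tzinfo is None:
        # No offset in the log line: this is the only case where the
        # configured time zone decides what instant the value means.
        parsed = parsed.replace(tzinfo=ZoneInfo(default_tz))
    utc = parsed.astimezone(timezone.utc)
    out[target] = utc.isoformat(timespec="milliseconds").replace("+00:00", "Z")
    return out


def display_in(utc_string, tz="Europe/London"):
    """Convert a stored UTC value to a local time, as a viewer would for display."""
    stored = datetime.fromisoformat(utc_string.replace("Z", "+00:00"))
    return stored.astimezone(ZoneInfo(tz)).isoformat()


# Constructed sample events (not taken from the original index).
SAMPLES = [
    {"time": "2019-07-15T14:30:00"},        # summer, no offset: BST applies
    {"time": "2019-01-15T14:30:00"},        # winter, no offset: GMT applies
    {"time": "2019-07-15T14:30:00+02:00"},  # explicit offset: time zone option unused
    {"time": "15/07/2019 14:30"},           # not ISO8601: tagged, not parsed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = apply_date_filter(sample)
        stored = result.get("@timestamp")
        shown = display_in(stored) if stored else None
        print(sample["time"], "->", stored, "->", shown, result.get("tags", []))
```

In summer the stored value is one hour behind the London wall-clock time in the log line, which is expected: the two fields describe the same instant and only differ in how they are rendered.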