I have some logs logged at date say Apr 9, 2017. I am starting the filebeat and ELK on say 11th Apr.
Is there any way, i can log old logs at appropriate timestamp and index (i am creadting day-wise index, say test-2017.04.09, test-2017-04-10 etc.)
If you use a date filter it'll handle it automatically.
I have below config in my logstash filter
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:logdate}%{ISO8601_TIMEZONE:timezone} %{JAVACLASS:class} %{SYSLOG5424SD:logLevel}"}
}
date {
match => ["logdate", "YYYY-MM-dd'T'HH:mm:ss.SSS"]
target => "@timestamp"
locale => "en"
}
My log message is in this format:
2017-04-06T09:16:07.274-0500 c.t.i.s.b.MessageInterpreter [ERROR] message logged
I want timestamp to be April 6th 2017, 9:16.607.274, but it appears 5:30 hours ahead of that in kibana. The timestamp that appears there is April 6th 2017, 14:46.607.274
LS assumes that time is in UTC, if it is not then you need to use the timezone option.