Logging at past date in logstash and elasticsearch

I have some logs logged at date say Apr 9, 2017. I am starting the filebeat and ELK on say 11th Apr.

Is there any way I can log old logs at the appropriate timestamp and index (I am creating day-wise indices, say test-2017.04.09, test-2017-04-10 etc.)?

If you use a date filter it'll handle it automatically.

I have the below config in my Logstash filter:

grok {
   match => { "message" => "%{TIMESTAMP_ISO8601:logdate}%{ISO8601_TIMEZONE:timezone} %{JAVACLASS:class} %{SYSLOG5424SD:logLevel}"}
 }
 date {
   match => ["logdate", "YYYY-MM-dd'T'HH:mm:ss.SSS"]
   target => "@timestamp"
   locale => "en"
 }

My log message is in this format:

2017-04-06T09:16:07.274-0500 c.t.i.s.b.MessageInterpreter [ERROR] message logged

I want the timestamp to be April 6th 2017, 9:16.607.274, but it appears 5:30 hours ahead of that in Kibana. The timestamp that appears there is April 6th 2017, 14:46.607.274.

LS assumes that time is in UTC; if it is not, then you need to use the timezone option.
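An added example, not part of the original thread: a pipeline for the log line quoted above that keeps the `-0500` offset in the parsed field, so backfilled events get the correct `@timestamp` and land in the day-wise index for the day they were written. The `hosts` value and the `America/Chicago` zone in the comment are assumptions.

```logstash
filter {
  grok {
    # TIMESTAMP_ISO8601 already accepts a trailing offset, so logdate
    # captures "2017-04-06T09:16:07.274-0500" as one field.
    match => { "message" => "%{TIMESTAMP_ISO8601:logdate} %{JAVACLASS:class} %{SYSLOG5424SD:logLevel}" }
  }
  date {
    # "Z" parses a numeric offset without a colon (-0500), so the event
    # is converted to UTC from the zone the application logged in.
    match  => ["logdate", "yyyy-MM-dd'T'HH:mm:ss.SSSZ"]
    target => "@timestamp"
    # If the log lines carried no offset at all, set the source zone
    # explicitly instead (assumed zone name):
    # timezone => "America/Chicago"
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]          # assumption: local single node
    # %{+YYYY.MM.dd} is formatted from @timestamp (UTC), not from the
    # time of ingestion, so old events go to their own day's index.
    # Sample line above: 09:16:07.274 -0500 -> 14:16:07.274 UTC
    #                    -> index test-2017.04.06
    index => "test-%{+YYYY.MM.dd}"
  }
}
```

Kibana converts `@timestamp` to the browser's time zone by default, so the displayed value can still differ from the text in the log file even when the stored UTC value is correct.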
