Hello!
I'm using Logstash version 7.10.3. Below is my Logstash filter config for timestamp matching:
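filter {
  if ([biz] and [log][type] != "nginx") {
    # Extract the leading "[timestamp] env.severity:" prefix from the message
    grok {
      match => { "message" => "^\[%{TIMESTAMP_ISO8601:timestamp}\] %{DATA:env}\.%{DATA:severity}: .*" }
    }
    # Parse the extracted timestamp (second resolution) into @timestamp
    date {
      match => [ "[timestamp]", "yyyy-MM-dd HH:mm:ss" ]
      remove_field => "[timestamp]"
    }
  }
}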
It works fine with regular logs, but some data have the same timestamp. Those just get mislocated.
Ex:
[2022-08-02 17:37:32] 4 [] []
[2022-08-02 17:37:32] 5 [] []
[2022-08-02 17:37:32] 6 [] []
[2022-08-02 17:37:32] 12 [] []
[2022-08-02 17:37:32] 13 [] []
[2022-08-02 17:37:32] 14 [] []
[2022-08-02 17:37:32] 15 [] []
[2022-08-02 17:37:32] 16 [] []
[2022-08-02 17:37:32] 18 [] []
[2022-08-02 17:37:32] 19 [] []
[2022-08-02 17:37:32] 20 [] []
[2022-08-02 17:37:32] 21 [] []
[2022-08-02 17:37:32] 22 [] []
[2022-08-02 17:37:32] 23 [] []
[2022-08-02 17:37:32] 25 [] []
[2022-08-02 17:37:32] 26 [] []
[2022-08-02 17:37:32] 27 [] []
[2022-08-02 17:37:32] 28 [] []
[2022-08-02 17:37:32] 29 [] []
[2022-08-02 17:37:32] 30 [] []
[2022-08-02 17:37:32] 32 [] []
[2022-08-02 17:37:32] 39 [] []
[2022-08-02 17:37:32] 40 [] []
[2022-08-02 17:37:32] 41 [] []
[2022-08-02 17:37:32] 42 [] []
[2022-08-02 17:37:32] 43 [] []
[2022-08-02 17:37:32] 44 [] []
[2022-08-02 17:37:32] 45 [] []
[2022-08-02 17:37:32] 46 [] []
[2022-08-02 17:37:32] 47 [] []
[2022-08-02 17:37:32] 48 [] []
[2022-08-02 17:37:32] 49 [] []
[2022-08-02 17:37:32] 50 [] []
[2022-08-02 17:37:32] 51 [] []
[2022-08-02 17:37:32] 52 [] []
[2022-08-02 17:37:32] 53 [] []
[2022-08-02 17:37:32] 54 [] []
[2022-08-02 17:37:32] 55 [] []
[2022-08-02 17:37:32] 56 [] []
[2022-08-02 17:37:32] 57 [] []
[2022-08-02 17:37:32] 59 [] []
[2022-08-02 17:37:32] 61 [] []
[2022-08-02 17:37:32] 63 [] []
[2022-08-02 17:37:32] 66 [] []
[2022-08-02 17:37:32] 68 [] []
[2022-08-02 17:37:32] 69 [] []
[2022-08-02 17:37:32] 70 [] []
On Kibana:
Thanks for reading!
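
An added example, not part of the original post: Python code showing why events that share a second-resolution timestamp lose their file order once they arrive out of order, and how a tie-breaker field restores it. The `seq` field, the reversed arrival order and the regex standing in for the grok pattern are assumptions made for illustration; the sample lines are constructed in the format shown above.

```python
import re
from datetime import datetime

# Assumed stand-in for the leading "[timestamp]" part of the grok pattern.
LINE_RE = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] (.*)$")

# Constructed sample: lines in file order, four of them within the same second.
SAMPLE = [
    "[2022-08-02 17:37:32] 4 [] []",
    "[2022-08-02 17:37:32] 5 [] []",
    "[2022-08-02 17:37:32] 12 [] []",
    "[2022-08-02 17:37:32] 13 [] []",
    "[2022-08-02 17:37:33] 71 [] []",
]

def parse(lines):
    """Parse lines into events, recording each line's position in the file."""
    events = []
    for seq, line in enumerate(lines):
        m = LINE_RE.match(line)
        if not m:
            continue  # lines without a leading timestamp are skipped
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        # "seq" is a hypothetical tie-breaker field (position in the source)
        events.append({"ts": ts, "seq": seq, "body": m.group(2)})
    return events

def order_by_timestamp_only(events):
    """Sort on the timestamp alone; ties keep whatever order they arrived in."""
    return sorted(events, key=lambda e: e["ts"])

def order_with_tiebreaker(events):
    """Sort on the timestamp, then on the recorded file position."""
    return sorted(events, key=lambda e: (e["ts"], e["seq"]))

def bodies(events):
    """Return only the message bodies, for easy comparison."""
    return [e["body"] for e in events]

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    arrived = list(reversed(parsed))  # constructed: events arrive out of order
    print("timestamp only :", bodies(order_by_timestamp_only(arrived)))
    print("with tiebreaker:", bodies(order_with_tiebreaker(arrived)))
```

With second-resolution timestamps, the sort key alone cannot distinguish the first four events, so their displayed order depends entirely on arrival order.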