Logstash adding date at the beginning of the each record

sekharvijju · October 16, 2019, 9:54pm

Hi Logstash gurus,

I m trying to setup a basic logstash client to push server logs into S3 bucket using Input plugin & s3 output plugin.

input {
file {
path => "/logs/sys*"
exclude => "*.tar"
start_position => "beginning"
sincedb_path => "/var/logstash/.sincedb9"
sincedb_clean_after => "4"
}
}
output {
s3{
access_key_id => "XXXXXXXXXXXXXXXXXXXX"
secret_access_key => "XXXXXXXXXXXX"
region => "xx-xxxx-1"
bucket => "xyz
size_file => 10480000
time_file => 5 #5 minutes
codec => "line"
canned_acl => "private"
prefix => "logs"
}
}

At the beginning of each log event (row/line), it's adding the timestamp in UTC and then the actual event itself from the logfile as below:

2019-10-16T21:26:14.530Z XXXX XXXX XXXXXXXXXXXX XXXXXXXXXXX "GET XXXXXXX HTTP/1.1" 200 2057

Went through logstash documentation for input plugin and S3 output plugin and did not find anything talking about the timestamp being added automatically. time_file was added to rollup the events at every 5 minutes interval.

How do I get rid of that default timestamp? Any ideas or help is appreciated.

Regards,

Vijay

Badger · October 17, 2019, 3:44pm

The default message format for the line codec is to add the timestamp and hostname at the beginning of the line. Specify the format option if you do not want that.

system · November 14, 2019, 3:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash S3 output prefix - Event field timestamp Logstash	3	443	October 18, 2022
Remove default fields from logstash output Logstash	2	3330	July 6, 2017
Timestamp field issue Logstash	3	331	June 6, 2022
Logstash to log file processing start and end time Logstash	3	650	December 14, 2020
How to disable all formatting/processing done by logstash Logstash	6	466	September 22, 2020

Logstash adding date at the beginning of the each record

Related topics