[Logstash] Replace the @timestamp with a rsyslog ISO8691 timestamp from Filebeat log lines

Kuo_Hugo · June 17, 2020, 2:30am

Hi Badger,

The rsyslog.timestamp is defined by myself in the dissect processor.

processors:
    - dissect:
        tokenizer: "%{rsyslog.timestamp} %{rsyslog.hostname} %{programname}: %{severity} %{swift_logs}"
        field: "message"
        target_prefix: ""

How's right way to assign a field abc.efg to be the @timestamp in logstash?

Topic		Replies	Views
Replace @timestamp with actual timestamp from log file Logstash	16	96839	February 16, 2017
Can i replace logstash timestamp with timestamp of my logfile? Logstash	17	40328	July 6, 2017
Logstash - how to parse rsyslog date field from logs message into @timestamp (UTC) Logstash ingest-pipeline	2	971	April 2, 2021
How to overwrite Log time values with @timestamp Logstash	3	2347	December 26, 2016
Replacing @timestamp correctly Logstash	9	525	March 13, 2019

[Logstash] Replace the @timestamp with a rsyslog ISO8691 timestamp from Filebeat log lines

Related topics