when i using syslog plugin to run logstash with my configuration ,
get the wrong @timestamp ,
it's show 2000 ???
"@timestamp" => "2000-04-28T08:08:24.000Z"
Any help here?
What's the input string and what does your date filter look like?
input string is syslog,
"<189>Apr 28 17:23:54 NY-la 23205521: PP/0/RPP1/CPU0:Apr 28 17:26:58.922 : msdp[1051]: %ROUTING-MSDP-5-INIT_STDBY_PEER_UP_DOWN : MSDP peer up: 1.2.3.4 11111 Session has been successfully replicated! , PP/0/PPP1/CPU0:Apr 28 17:26:58.922 : msdp[1051]: %ROUTING-MSDP-5-INIT_STDBY_PEER_UP_DOWN : MSDP peer up: 1.2.3.4 11111 Session has been successfully replicated! "
conf as follow,
input {
syslog{
}
}
i didn't set any date filter
That's weird. The syslog input uses a date filter internally, but it should default to the current year. I don't understand what the year 2000 comes from.