Hi all,
Trying to replace @timestamp with:
mutate {
add_field => { "log_time" => "%{year}-%{month}-%{day} %{time}" }
}
date {
match => [ "log_time", "yyyy-MM-dd HH:mm:ss" ]
target => "@timestamp"
}
I am seeing log_time in my docs OK -- 2020-05-06 17:45:56 -- but the @timestamp is still the ingest timestamp. Is there additional conversion/formatting necessary here? Surely I'm staring at something stupidly obvious? Thank you in advance.