Logstash @timestamp replacement help

clarkritchie · May 6, 2020, 6:14pm

Hi all,

Trying to replace @timestamp with:

mutate {
  add_field => { "log_time" => "%{year}-%{month}-%{day} %{time}" }
}
date {
  match => [ "log_time", "yyyy-MM-dd HH:mm:ss" ]
  target => "@timestamp"
}

I am seeing log_time in my docs OK -- 2020-05-06 17:45:56 -- but the @timestamp is still the ingest timestamp. Is there additional conversion/formatting necessary here? Surely I'm staring at something stupidly obvious? Thank you in advance.

system · June 3, 2020, 6:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Replace my @timestamp Logstash	5	854	July 6, 2017
Modify @timestamp Logstash	2	1216	November 25, 2019
Logstash - replace @timestamp Logstash	3	311	February 16, 2021
Logstash date filter not replacing @timestamp field Logstash	4	1241	April 1, 2017
Replacing @timestamp Logstash	2	1132	July 6, 2017

Logstash @timestamp replacement help

Related topics