Logstash @timestamp replacement help

clarkritchie · May 6, 2020, 6:14pm

Hi all,

Trying to replace @timestamp with:

mutate {
  add_field => { "log_time" => "%{year}-%{month}-%{day} %{time}" }
}
date {
  match => [ "log_time", "yyyy-MM-dd HH:mm:ss" ]
  target => "@timestamp"
}

I am seeing log_time in my docs OK -- 2020-05-06 17:45:56 -- but the @timestamp is still the ingest timestamp. Is there additional conversion/formatting necessary here? Surely I'm staring at something stupidly obvious? Thank you in advance.

system · June 3, 2020, 6:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Modify @timestamp Logstash	2	1216	November 25, 2019
Logstash - replace @timestamp Logstash	3	310	February 16, 2021
Replacing @timestamp with timestamp of my log Logstash	18	12644	January 5, 2017
Can't replace real log time with @timestamp Logstash	6	1009	August 8, 2019
Replace @timestamp with log's time Somebody help me please Logstash	18	2103	July 30, 2019

Logstash @timestamp replacement help

Related Topics