Hello, first of all, sorry for my English. I hope you understand me.
I'm new to ELK and I have a problem when I try to update a document from Logstash to Elasticsearch.
In my log file, I receive a line with a date of start, and before I receive a line with a date of end. The problem is that when start time and stop time is short, Logstash sends stop time first and start time before. This is a problem because when I represent this in Kibana, start time crashes stop time.
log file example:
INICIO -> 20180725 11:00:00
FIN -> 20180725 11:00:01
output.conf:
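output {
  elasticsearch {
    index => "index_malla_sat-%{+YYYY.MM.dd}"
    hosts => ["localhost:9200"]
    # update the existing document, or create it if it does not exist yet
    action => "update"
    doc_as_upsert => "true"
    # every event with the same "path" value is written to the same document
    document_id => "%{path}"
  }
}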
I hope you can help me.
Thanks for all.