Make @timestamp the same as Log's timestamp

WarriorHarb · June 23, 2019, 4:38am

Hello,
I am parsing a log with this format :

2019-04-19 12:00:05.17 FCC7-APS01-B Collector[71] [Info] Publisher.TransmitterServiceAlivePolicy - Transmitter service is Alive.

I applied a grok filter :

match =>{
"message" =>"%{TIMESTAMP_ISO8601:Date}%{SPACE}%{GREEDYDATA:Message}"
}

Then as suggested in similar topics i applied the date filter :

date {
match => [ "Date" , "ISO8601" ]
target => "@timestamp"
}

Yet i still don't get the @timestamp with the log's timestamp, instead it has the time of when it was parsed by Elastic.

Any help wil be apperciated .

Badger · June 23, 2019, 9:46am

I get

"@timestamp" => 2019-04-19T12:00:05.170Z,

with those filters.

WarriorHarb · June 23, 2019, 10:42am

when i delete the date part, i get the logs parsed but with the ES timestamp, when i add the date filter, filebeat keeps sending logs but i get nothing with kibana.
any idea what's the problem in my code ?

Badger · June 23, 2019, 1:01pm

In Kibana, are you sure you have the date picker set to a range that include April?

WarriorHarb · June 23, 2019, 1:40pm

@Badger dude you're a life saviour !

system · July 21, 2019, 1:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.