Make @timestamp the same as Log's timestamp

WarriorHarb · June 23, 2019, 4:38am

Hello,
I am parsing a log with this format :

2019-04-19 12:00:05.17 FCC7-APS01-B Collector[71] [Info] Publisher.TransmitterServiceAlivePolicy - Transmitter service is Alive.

I applied a grok filter :

match =>{
"message" =>"%{TIMESTAMP_ISO8601:Date}%{SPACE}%{GREEDYDATA:Message}"
}

Then as suggested in similar topics i applied the date filter :

date {
match => [ "Date" , "ISO8601" ]
target => "@timestamp"
}

Yet i still don't get the @timestamp with the log's timestamp, instead it has the time of when it was parsed by Elastic.

Any help wil be apperciated .

Badger · June 23, 2019, 9:46am

I get

"@timestamp" => 2019-04-19T12:00:05.170Z,

with those filters.

WarriorHarb · June 23, 2019, 10:42am

when i delete the date part, i get the logs parsed but with the ES timestamp, when i add the date filter, filebeat keeps sending logs but i get nothing with kibana.
any idea what's the problem in my code ?

Badger · June 23, 2019, 1:01pm

In Kibana, are you sure you have the date picker set to a range that include April?

WarriorHarb · June 23, 2019, 1:40pm

@Badger dude you're a life saviour !

system · July 21, 2019, 1:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
@timestamp kibana and log time are differents Elasticsearch	3	5685	May 21, 2019
Replacing @timestamp correctly Logstash	9	457	March 13, 2019
How to replace @timestamp with logtime? Logstash	4	14334	March 8, 2018
@Timestamp is not matching event timestamp _dateparsefailure Logstash	3	162	November 2, 2023
Timestamp => @timestamp Logstash	17	4043	June 14, 2017

Make @timestamp the same as Log's timestamp

Related topics