Make @timestamp the same as Log's timestamp

WarriorHarb · June 23, 2019, 4:38am

Hello,
I am parsing a log with this format :

2019-04-19 12:00:05.17 FCC7-APS01-B Collector[71] [Info] Publisher.TransmitterServiceAlivePolicy - Transmitter service is Alive.

I applied a grok filter :

match =>{
"message" =>"%{TIMESTAMP_ISO8601:Date}%{SPACE}%{GREEDYDATA:Message}"
}

Then as suggested in similar topics i applied the date filter :

date {
match => [ "Date" , "ISO8601" ]
target => "@timestamp"
}

Yet i still don't get the @timestamp with the log's timestamp, instead it has the time of when it was parsed by Elastic.

Any help wil be apperciated .

Badger · June 23, 2019, 9:46am

I get

"@timestamp" => 2019-04-19T12:00:05.170Z,

with those filters.

WarriorHarb · June 23, 2019, 10:42am

when i delete the date part, i get the logs parsed but with the ES timestamp, when i add the date filter, filebeat keeps sending logs but i get nothing with kibana.
any idea what's the problem in my code ?

Badger · June 23, 2019, 1:01pm

In Kibana, are you sure you have the date picker set to a range that include April?

WarriorHarb · June 23, 2019, 1:40pm

@Badger dude you're a life saviour !

Topic		Replies	Views
How to overwrite Log time values with @timestamp Logstash	3	2370	December 26, 2016
From Logdate generate @timestamp Logstash	3	393	April 18, 2018
How to parse date field into @timestamp Logstash	10	334	February 14, 2024
Replacing @timestamp with actual logtime Logstash	6	362	August 26, 2019
Can't replace real log time with @timestamp Logstash	6	1067	August 8, 2019

Make @timestamp the same as Log's timestamp

Related topics