hi,
i want to add a new field in my config filebeat and put in it the @timestamp value :
fields:
harvest_timestamp: @timestamp
but it doesn't work ...
my goal, at the end, is to delete the field @timestamp and just keep the new field 'harvest_timetamp'. Thus, my logstash shipper, output in my config, will create his own @timestamp... and i will know :
1 - the harvest timestamp
2 - the shipping timestamp
A solution exists please ? ty
you can not rename fields in filebeat directly. You have to do this kind of processing in logstash, but no idea if you can overwrite the @timestamp in logstash.
ty steffens for your answer (even if it doesn't help 
)
the timestamp is not set by output plugin, but by input plugins. Using ruby or mutate filter you can try to store @timestamp into harvest_timestamp and try to overwrite timestamp. Never tried, but with ruby filter you can try
ruby {
code => 'event["[@timestamp]"] = Time.now'
}
Regarding questions about event processing in logstash, have a look at the logstash forum.
ty steffens it works !! 
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.