Need different time stamp other than default @timestamp from the indexed log

Aryaman_Gupta · January 16, 2021, 6:20am

Hi, My log looks like this

2021-01-13 15:30:12.543723914 node0:app:4786 APP_ERR_NUM Function = "DumpSample", Msg = "internal_stats: Wed 2021-01-13 15:15:45 UTC", Val = 0

On visualising the data in the kibana dashboard timestamp being used is first one i.e 2021-01-13 15:30:12.543723914, but I want other timestamp to be considered during visualisation.

I am using grok filter as
%{TIMESTAMP_ISO8601:timestamp} %{WORD:node}:%{WORD:program}:%{INT:pid} %{WORD:traceType} Function = "%{WORD:functionName}", Msg = "%{WORD:msg}: %{WORD:day_word} %{TIMESTAMP_ISO8601:timestamp_new} %{WORD:stamp}", %{WORD:value} = %{INT:count}

Please let me know how can I use other timestamp for visualisation.

||timestamp_new|count|@timestamp|
||2021-01-13 15:36:03|0|Jan 15, 2021 @ 23:02:57.090|
||2021-01-13 15:36:06|0|Jan 15, 2021 @ 23:02:57.136|
||2021-01-13 15:36:09|0|Jan 15, 2021 @ 23:02:57.136|

system · February 13, 2021, 6:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.