Need different time stamp other than default @timestamp from the indexed log

Aryaman_Gupta · January 16, 2021, 6:20am

Hi, My log looks like this

2021-01-13 15:30:12.543723914 node0:app:4786 APP_ERR_NUM Function = "DumpSample", Msg = "internal_stats: Wed 2021-01-13 15:15:45 UTC", Val = 0

On visualising the data in the kibana dashboard timestamp being used is first one i.e 2021-01-13 15:30:12.543723914, but I want other timestamp to be considered during visualisation.

I am using grok filter as
%{TIMESTAMP_ISO8601:timestamp} %{WORD:node}:%{WORD:program}:%{INT:pid} %{WORD:traceType} Function = "%{WORD:functionName}", Msg = "%{WORD:msg}: %{WORD:day_word} %{TIMESTAMP_ISO8601:timestamp_new} %{WORD:stamp}", %{WORD:value} = %{INT:count}

Please let me know how can I use other timestamp for visualisation.

||timestamp_new|count|@timestamp|
||2021-01-13 15:36:03|0|Jan 15, 2021 @ 23:02:57.090|
||2021-01-13 15:36:06|0|Jan 15, 2021 @ 23:02:57.136|
||2021-01-13 15:36:09|0|Jan 15, 2021 @ 23:02:57.136|

system · February 13, 2021, 6:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Make @timestamp the same as Log's timestamp Logstash	5	303	July 21, 2019
Can't use anymore @timestamp after a time filter change Kibana	3	577	December 25, 2019
Another @timestamp question... non-standard timestamp transformation Logstash	4	468	September 25, 2019
Replacing @timestamp with logs having custom timestamp Logstash	8	742	February 19, 2023
Time column it's different than @timestamp field in kibana Kibana elastic-stack-monitoring	3	127	April 8, 2024

Need different time stamp other than default @timestamp from the indexed log

Related Topics