My app generates the following JSON in log files:
{"@version":"1","@timestamp":"2015-08-23T17:37:33.235Z","thread":"098658","level":"INFO","marker":{"name":"LOGGABLE"},"message":"someid=PMCtuW9.6sKDC,result=blabla"}
The idea is that the Logstash indexer will not have to create @timestamp. Logstash Forwarder adds a field type and sets it to "myapp".

    filter {
      if [type] == "myapp" {
        # Parse the JSON log line held in the "message" field
        json {
          source => "message"
        }
      }
    }

All seems to work fine, but I'm not sure that adding @timestamp in my log message would help reduce the workload the Logstash indexer has to do. Is my @timestamp in the correct format, or does Logstash Forwarder still have to convert it to a timemillis format?
Thanks...