Hi everyone,
So I'm brand new to the world of Kibana and its nomenclature. I've been floating through the internet for a while to try to look for a solution to my problems and haven't found much of use.
I'm hoping people here can at least point me in the right direction.
So I have some apps that produce some logs. Let's say the logs have this format (which I gather is logfmt):
2019-06-19 15:50:41 +0000 [info]: #0 starting fluentd worker pid=740 ppid=6 worker=0
2019-06-19 15:50:41 +0000 [info]: #0 [in_tail_kube_proxy] following tail of /var/log/kube-proxy.log
2019-06-19 18:07:21 +0000 [info]: #0 [filter_kube_metadata] stats - namespace_cache_size: 1, pod_cache_size: 1, namespace_cache_api_updates: 2, pod_cache_api_updates: 2, id_cache_miss: 2
2019-06-19 18:07:21 +0000 [info]: #0 stats - namespace_cache_size: 1, pod_cache_size: 1, namespace_cache_api_updates: 2, pod_cache_api_updates: 2, id_cache_miss: 2
I'm sending these logs off to ES and visualizing everything on Kibana.
However, I don't get a timestamp but I do have these other fields:
_id string
_index string
_score number
_source _source
_type string
container_info string
container_info.keyword string
docker.container_id string
docker.container_id.keyword string
A sample event looks like this:
{
"_index": "test",
"_type": "test",
"_id": "1",
"_version": 1,
"_score": 1,
"_source": {
"log": "time=\"2019-06-19T17:52:06Z\" level=debug msg=\"Using default configmap for namespace 'default'\"\n",
"stream": "stderr",
...
}
How could I "tell Kibana to use the timestamp field within log as a timestamp"?
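The core of the problem is that the event time lives as text inside the `log` string, so Elasticsearch never sees a date-typed field and Kibana has nothing to pick as the index pattern's time field. The following is an added example, not code from the original post or from Fluentd/Elasticsearch, showing the extraction logic you would put in front of the index (in practice this is done with an ingest pipeline's `kv` and `date` processors or a Fluentd parser; here it is plain Python so it runs offline). It handles both line shapes shown above: the logfmt `time="..."` form and the `YYYY-MM-DD HH:MM:SS +0000 [level]:` prefix form, and it tags events with no recoverable time instead of silently letting them fall back to ingest time, which would put them in the wrong place on an incident timeline. The sample events, the `@timestamp` target field name and the `parsed`/`tags` field names are assumptions for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample events mirroring the shapes in the question (not real data).
SAMPLE_EVENTS = [
    {"log": "time=\"2019-06-19T17:52:06Z\" level=debug "
            "msg=\"Using default configmap for namespace 'default'\"\n",
     "stream": "stderr"},
    {"log": "2019-06-19 15:50:41 +0000 [info]: #0 starting fluentd worker "
            "pid=740 ppid=6 worker=0\n",
     "stream": "stdout"},
    {"log": "no timestamp here level=info msg=\"hello\"\n", "stream": "stdout"},
]

# key=value or key="quoted value" pairs (logfmt style); quoted values may contain \" escapes.
LOGFMT_PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Fluentd-style prefix: "2019-06-19 15:50:41 +0000 [info]:"
PREFIX_TS = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+\[(\w+)\]:')


def parse_logfmt(line):
    """Return a dict of key=value pairs found in the line, with quotes stripped."""
    fields = {}
    for key, raw in LOGFMT_PAIR.findall(line):
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def extract_timestamp(line):
    """Return an aware datetime taken from the line, or None if none is present."""
    m = PREFIX_TS.match(line)
    if m:
        return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S %z")
    ts = parse_logfmt(line).get("time")
    if ts:
        # fromisoformat() on older Pythons does not accept a trailing 'Z'
        return datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return None


def enrich(event):
    """Build the document to index: copy the event, add @timestamp and parsed fields."""
    doc = dict(event)
    line = event.get("log", "").rstrip("\n")
    parsed = parse_logfmt(line)
    m = PREFIX_TS.match(line)
    if m and "level" not in parsed:
        parsed["level"] = m.group(2)
    doc["parsed"] = parsed

    ts = extract_timestamp(line)
    if ts is None:
        # Do not fabricate a time: mark the event so it can be found and fixed.
        doc["tags"] = doc.get("tags", []) + ["timestamp_missing"]
    else:
        # Normalise to UTC ISO-8601 so an Elasticsearch `date` mapping accepts it.
        doc["@timestamp"] = ts.astimezone(timezone.utc).isoformat().replace("+00:00", "Z")
    return doc


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(enrich(ev))
```

Once the documents carry a `@timestamp` field mapped as `date` (make sure the mapping exists before the first document is indexed, otherwise the field may be dynamically mapped as text), Kibana offers it as the time field when you create the index pattern. Events tagged `timestamp_missing` deserve a saved search of their own: they are exactly the ones whose ordering you cannot trust during an investigation.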