Hi
I have logstash config that send logs to Splunk HEC.
these data contain field that call "time".
Now question is: does it possible to consider "time" as "_time" on logstash config?
FYI: i want to consider this time as _time not the time that splunk receive it.
Any idea?
Thanks
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.