Replace my @timestamp

m.francia · February 2, 2016, 2:12pm

Hi!
I have a log that looks like this "2016-02-02 14:52:18" , and I want to replace my @timestamp, I tried different ways but none works. I have read many entries but I didn´t find a solution.
Actually im trying with this filter

mutate{
add_field =>{"data" => "%{year}-%{month}-%{day} %{time}"}
}
date{
match => ["data", "YYYY-MM-dd HH:mm:ss"]
target => "@timestamp"
}

My logstash console shows this "@timestamp" => "2016-02-02T14:05:30.000Z",

thanks in advance.

magnusbaeck · February 2, 2016, 6:56pm

Please show a complete example message from a stdout { codec => rubydebug } output.

m.francia · February 3, 2016, 10:18am

     "@version" => "1",
   **"@timestamp" => "2016-02-03T10:02:40.000Z",**
         "type" => "adobelog",
         "host" => "*******",
  "clientstate" => "connect-continue",
       "status" => "connect",
       "stream" => "continue",
     "category" => "session",
    **"timestamp" => "2016-02-03 11:02:40",**
         "year" => "2016",
        "month" => "02",
          "day" => "03",
         "time" => "11:02:40",
     "timezone" => "CET",
       "ipHost" => "********",
         "spid" => 16012,
      "cpuload" => 0,
  "memoryusage" => "2",
          "app" => "vod",
  "appinstance" => "_definst_",
"eventduration" => 0,
     "clientip" => "********",
         "port" => [
    [0] "1935",
    [1] "1935"
],
     "referrer" => "*****"
    "useragent" => "WIN 20,0,0,286",
           "os" => "WIN",
      "scBytes" => 3646

I want to replace my @timestamp with the value of timestamp and I´m generating the timestamp value with the logstash filter

 mutate{
      add_field =>{"timestamp" => "%{year}-%{month}-%{day} %{time} +0100"}
    }

And I tried

date{
      match => ["timestamp", "YYYY-MM-dd HH:mm:ss Z"]
      target => "@timestamp"
    }

And in other case with **"timestamp" => "2016-02-03 11:02:40",** I tried

date{
      match => ["timestamp", "YYYY-MM-dd HH:mm:ss"]
      timezone => "Europe/Madrid" 
      target => "@timestamp"
    }

thanks in advance.

magnusbaeck · February 3, 2016, 12:37pm

@timestamp is UTC and timestamp is CET. That's why there's a one-hour difference. Everything looks fine.

m.francia · February 3, 2016, 1:07pm

Hi,

Oh god!, I wanted to do that because I wanted to load historical logs, and I forgot to check this loading new data from a old log. I checked it, and works! =)

Thanks for everything.

Topic		Replies	Views
Logstash @timestamp replacement help Logstash	1	214	June 3, 2020
Replace @timestamp or add new field with time from log file Logstash	4	500	January 6, 2020
Can i replace logstash timestamp with timestamp of my logfile? Logstash	17	40237	July 6, 2017
Replacing @timestamp with timestamp of my log Logstash	18	12646	January 5, 2017
Logstash date filter not replacing @timestamp field Logstash	4	1241	April 1, 2017

Replace my @timestamp

Related Topics