Replace @timestamp with actual timestamp from log file

ivten · January 19, 2017, 12:56pm

Testing the following with stdin input and stdout output works fine, i.e. the timestamp is matched and put in @timestamp:

input { stdin { } }

filter {
 grok {
     match => ["message", "%{TIMESTAMP_ISO8601:tstamp}"]
       }
  date {
    match => ["tstamp", "ISO8601"]
  }
}      

output { stdout { codec => rubydebug } }

However, I get " _grokparsefailure" when I change to redis input and elasticsearch output:

input {
 redis {
       host => "redis"
           data_type => "list"
           key => "my-test"
   }              

filter {
        grok {
             match => ["message", "%{TIMESTAMP_ISO8601:tstamp}"]
        }

        date {
            match => ["tstamp", "ISO8601"]
             }
    }

output {
              elasticsearch {
           hosts => ["elasticsearch-host:9200"]
               index => "my-test"
    }
}

I'm testing with this string:
{"@timestamp":"2017-01-18T11:41:28.753Z","source":"host1","level":"INFO","message":"Some log event"}

Topic		Replies	Views
Replacing @timestamp with actual logtime Logstash	6	335	August 26, 2019
Unable to replace @timestamp with some other field in logstash Logstash	6	2354	September 19, 2017
Replacing @timestamp correctly Logstash	9	527	March 13, 2019
Replace @timestamp with log's time Somebody help me please Logstash	18	2300	July 30, 2019
How to overwrite Log time values with @timestamp Logstash	3	2352	December 26, 2016

Replace @timestamp with actual timestamp from log file

Related topics