Replace @timestamp with timestamp in my message - logstash

pjanzen · January 28, 2019, 3:02pm

Where the <158> is coming from in this example I do not know.
You can update your grok pattern and match for this %{TIMESTAMP_ISO8601:timestamp} that will fill the timestamp variable.

So instead of this:

grok {
   match => { "message" => ["^{timestamp}"] }
}

You get this:

grok {
   match => { "message" => ["^%{TIMESTAMP_ISO8601:timestamp}"] }
}

Then your date match can look like this.

date {
    match => [ "timestamp", "yyyy-MM-dd HH:mm:ss" ]
    target => "@timestamp"
}

Hope this helps.

Paul.

Topic		Replies	Views
Can't replace real log time with @timestamp Logstash	6	1038	August 8, 2019
Replacing @timestamp with timestamp of my log Logstash	18	12806	January 5, 2017
Replacing @timestamp in logstash using grok fails [Solved] Logstash	7	3821	June 28, 2017
Grok filter to Replace @timestamp with my log-time Logstash	13	14347	December 12, 2017
Can i replace logstash timestamp with timestamp of my logfile? Logstash	17	40334	July 6, 2017

Replace @timestamp with timestamp in my message - logstash

Related topics