Set @timestamp value

Roque_Moyano · July 5, 2017, 4:17pm

Hi , I have a situation , I need to send a lot of "old" logs to our ELK stack , I was doing some tests , and I realized that when logstash send the logs to elasticsearch it is seting the @timestamp field with the current date. So I can't use the date filter from kibana dashboard. I know that I can set another field with the old date logs , but is there any way to :

set timestamp field with the logs date value or
tell to kibana to search the date logs in a new field instead of @timestamp in order to use the date filter from kibana dashboard.

thanks in advance.

Charles.w · July 5, 2017, 5:22pm

Hi,

You can use the date filter plugin to parse the timestamp found within your logs and replace the default @timestamp value.

Best regards,

Charles Casadei.

system · August 2, 2017, 5:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.