The differences between @timestamp and time in log file

lusynda · April 7, 2020, 1:27am

Hi all
I have a question about the @timestamp, i know that @timestamp are what generate by logstash but i dont really know how it work.
For ex: i have a server that are config with time that are wrong. It set the date time to year 2030. So when logstash index the event to elastic it index to the year 2030 index instead of 2020 index, i thought that the @timestamp are gen at the moment that logstash process the file. But in this case the @timestamp are gen according to the time of the server.

Thank for your time.

grumo35 · April 7, 2020, 12:41pm

@timestamp is log creation time replaced as it goes in logstash.

So when you see a log like 2030-20-12-12:23:14 it will become @timestamp at the ingestion.

If you want to add field with logstash time processed use ruby scripts with add field and time.now

Badger · April 7, 2020, 2:48pm

logstash will add @timestamp with the current date/time as events are generated. A lot of configurations overwrite that using a date filter to set @timestamp to the date/time contained in a log entry.

system · May 5, 2020, 2:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.