Hello, Is it possible to change the timestamp format for a logfile within filebeat?
I get this error so I need to change it.
2017-07-27T14:41:03+02:00 ERR JSON: Won't overwrite @timestamp because of parsing error: parsing time "2017-05-12T18:58:42+0000" as "2006-01-02T15:04:05Z07:00": cannot parse "+0000" as "Z07:00"
Do you have any suggestion on how I can ship the logs to Logstash with the correct timestamp?
if you don't store the timestamp in @timestamp, it will be shipped as string to logstash. This will allow you to parse the timestamp in logstash.
If you don't need multiline after json, you can also send the raw line to logstash and have logstash parse the json.
Thank you for your reply, sadly it has to be sent as @timestamp due to difficulties changing the log format.
If you don't store the json in the root document the @timestamp field is not parsed by filebeat. This allows you to post-process/parse the document via elasticsearch ingest pipeline.
New ticket: https://github.com/elastic/beats/issues/4836
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.