Hi,
When our logs hit logstash they already include an @timestamp field containing the timestamp of the log line. I also want to generate a timestamp to mark when the message was indexed...
How do I generate a timestamp equivalent to "now" so that it can be saved as an additional field?
Regards,
David
You used to be able to do this automatically with Elasticsearch, but the functionality is deprecated and will be removed in 5.X.
The best you can do is add another field with the current timestamp, at the end of your filters.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.