Timestamp not taking from logs

I copy logs from the server to my local machine, and I mapped the log path as a local path in logstash.conf.
Now I am able to see the indexes and the log has been updated in Kibana successfully, but the issue is that Kibana is showing the timestamp as my local timestamp, whereas I want to use the timestamp which is written inside my log file. Is there any way to pick the timestamp from the log file? Please help me with this.

Can do, there are two options:

  1. turn off date formatting. Management -> Index management -> find the date field -> click the edit icon on the rightmost column, select format as "string"
  2. change the configured timezone. Management -> advanced settings -> dateFormat:tz

I did option one but there is no difference; it is still showing the timestamp of when the logs were moved to my local folder, not the one written inside the log.

In the configuration file you can match the date which is inside the file and remove the timestamp field, e.g.:

    filter {
      # "timestamp" must already exist as a field on the event
      date {
        # parse the field with this pattern and store the result in @timestamp
        match => [ "timestamp", "dd-MMM-yyyy HH:mm:ss" ]
        remove_field => ["timestamp"]
      }
    }

You have to specify the time field inside the log file. Please refer to:

https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html
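
A fuller pipeline for the approach in the reply above, added here as an example and not posted by anyone in the thread. The file path, sample line layout, time zone, Elasticsearch host, index pattern and the `ingested_at` and `log_message` field names are assumptions; it also keeps the ingest time so a timeline can still show when a log was copied versus when the event happened.

```logstash
# Added example, not from the thread. Constructed sample line this config expects:
#   09-Jul-2018 14:03:27 INFO booking created id=42
input {
  file {
    path => "/path/to/copied/logs/*.log"   # assumed local folder the logs are copied into
    start_position => "beginning"          # also read files that already exist
  }
}

filter {
  # 1. Extract the leading timestamp into its own field; the date filter
  #    only works on a field that exists on the event.
  grok {
    match => {
      "message" => "^(?<timestamp>%{MONTHDAY}-%{MONTH}-%{YEAR} %{TIME}) %{GREEDYDATA:log_message}"
    }
  }

  # 2. Preserve the ingest time before @timestamp is overwritten
  #    ("ingested_at" is a hypothetical field name).
  mutate {
    add_field => { "ingested_at" => "%{@timestamp}" }
  }

  # 3. Parse the extracted field and write the result to @timestamp.
  date {
    match => [ "timestamp", "dd-MMM-yyyy HH:mm:ss" ]
    timezone => "UTC"                      # assumed: zone the server writes its logs in
    target => "@timestamp"
    tag_on_failure => [ "_dateparsefailure" ]
    remove_field => [ "timestamp" ]        # applied only when parsing succeeds
  }
}

output {
  elasticsearch {
    hosts => [ "localhost:9200" ]          # assumed
    index => "evbooking-%{+YYYY.MM.dd}"    # assumed pattern; the date comes from @timestamp
  }
}
```

Events tagged `_dateparsefailure` keep the ingest time in `@timestamp` and retain the raw `timestamp` field, so a search on that tag shows which lines did not match the pattern.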

Thumbs up to ^. I'd check to make sure where this is happening; it looks like something at the ingest layer may be parsing the timezone. If you take a look at the raw JSON in your index (curl -XGET evbooking-2018.07.09/_search), you can see what it looks like without Kibana in the way.
