To create a date field in logstash

sagarleo · April 4, 2019, 9:29am

I'm trying to create a date field using logstash filter . The field i created extracts time part from logs but when trying to visualize in kibana as date histograms. This newtimestamp field i created in logstash do not appear.
I am using elk 6.6.2 version and filebeat version 6.2.1
Here are the screenshots.

Below is my logstash filter config file.

input {
  beats {
    port => "5044"
  }
}
# The filter part of this file is commented out to indicate that it is
# optional.
filter {
grok {
    match => [ "message", "%{TIMESTAMP_ISO8601:newtimestamp} %{GREEDYDATA:message}" ]
  }

date {
    match => ["newtimestamp", "YYYY-MM-dd HH:mm:ss.SSS"]
    target => "newtimestamp"
  }
}
output {
    elasticsearch {
        hosts => ["http://localhost:9200"]
        index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    }
        stdout {codec => rubydebug}
}

Please help me on this Sir/Ma'am.

BKG · April 6, 2019, 8:55am

You might need to add it in the Kibana index template.

system · May 4, 2019, 9:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.