I have the below log file created by the application and the timestamp value is recorded in "@timestamp" but logstash is unable to use that timestamp and failing to push this value to elasticsearch
i tried to use the date filter to push this value to elasticsearch but logstash is current time value in @timestamp value which is not helping here
date {
match => ["@timestamp", "yyyy-MM-dd HH:mm:ss.SSS"]
timezone => "Europe/Paris"
}
[logstash.filters.json ] Unrecognized @timestamp value, setting current time to @timestamp, original in _@timestamp field {:value=>""2019-08-30 13:38:25.864""}
[logstash.filters.json ] Unrecognized @timestamp value, setting current time to @timestamp, original in _@timestamp field {:value=>""2019-08-30 13:38:25.851""}
How can i assign the @timestamp value generated by the logs to be pushed in the default timestamp ?
Your problem is that your JSON contains a field called @timestamp that contains a string, and logstash expects @timestamp to be a LogStash::Timestamp, so the json filter stores it in _@timestamp. Just change your date filter to match that
match => ["_@timestamp", "yyyy-MM-dd HH:mm:ss.SSS"]
Hi Badger - Tried the above one but i am still seeing the @timestamp value generated by the application is not able to processed by logstash
Currently the message field is received as a string filed by logstash which contains the timestamp value and used the json filter to extract the values and then i applied the date filter to get the timestamp value
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.