Official documentation says:
read_timestamp
In case the ingest pipeline parses the timestamp from the log contents, it stores the original @timestamp (representing the time when the log line was read) in this field.
However, I am not able to figure out how and where to use this read_timestamp. What is the use case where it will be helpful?
You can't configure in the Filebeat config whether you want this field or not. An interesting value you could get out of it is the difference between the time when the event was read and when the log event actually happened. If you don't need the field, it's best to just ignore it.
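The difference mentioned in the reply above, computed over a few events, as an added example that is not part of the original thread or of Filebeat itself. The sample documents are constructed, and the `max_lag` and `max_skew` thresholds and the labels are assumptions chosen for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events (not real data): @timestamp holds the time parsed
# from the log line, read_timestamp the time the line was read.
SAMPLE_EVENTS = """
{"@timestamp": "2018-03-01T10:00:00.000Z", "read_timestamp": "2018-03-01T10:00:02.500Z", "source": "/var/log/nginx/access.log"}
{"@timestamp": "2018-03-01T04:00:00.000Z", "read_timestamp": "2018-03-01T10:00:03.000Z", "source": "/var/log/nginx/access.log"}
{"@timestamp": "2018-03-01T10:05:00.000Z", "read_timestamp": "2018-03-01T10:00:04.000Z", "source": "/var/log/auth.log"}
{"@timestamp": "2018-03-01T10:00:05.000Z", "source": "/var/log/auth.log"}
"""

def parse_ts(value):
    # ISO 8601 with a trailing Z, as in the sample documents above.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify(event, max_lag=timedelta(minutes=5), max_skew=timedelta(seconds=30)):
    """Return (label, lag_seconds); lag = read time minus event time."""
    if "read_timestamp" not in event:
        # No timestamp was parsed from the line, so there is nothing to compare.
        return ("no_read_timestamp", None)
    lag = parse_ts(event["read_timestamp"]) - parse_ts(event["@timestamp"])
    if lag > max_lag:
        label = "late"    # read long after it happened: backlog, outage, old file
    elif lag < -max_skew:
        label = "future"  # event time ahead of read time: clock skew, timezone parsing
    else:
        label = "ok"
    return (label, lag.total_seconds())

def report(lines):
    """Classify every non-empty JSON line; returns (source, label, lag_seconds)."""
    results = []
    for line in lines.splitlines():
        if line.strip():
            event = json.loads(line)
            results.append((event["source"],) + classify(event))
    return results

if __name__ == "__main__":
    for row in report(SAMPLE_EVENTS):
        print(row)
```

Events labelled `late` or `future` are the ones where searching or alerting on `@timestamp` alone would give a misleading picture of when the data actually arrived.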