Reputation: 3245
Clarification on logstash timestamp
My application receives log events via logstash and it's timestamp is as follow
"@timestamp" => "2015-12-14T10:59:00.231Z"
Using joda library I can easily convert this to a long value. However there are cases where the time stamp is not in the form of ISO8601. How can I convert such a timestamp without knowing the actual format?
How is this handled in kibana? kibana allows us to override the tiemstamp using the date filter,basically I need to search over a time period using this time stamp as in kibana.
Appreciate your thoughts.
Upvotes: 0
Views: 63
Answers (1)
Reputation: 16362
Kibana is expecting the date in the "correct" format, so you need to get it all worked out when the date comes through logstash.
You can pass multiple formats to the date{} filter, and it will try each one. You can use the joda date format patterns to create your own format.
Upvotes: 1
Related Questions
- Logstash _dateparsefailure matching timestamp with date plugin
- Issue regarding Timestamp in ELK?
- Logstash date parsing as timestamp using the date filter
- Logstash to convert epoch timestamp
- Writing to @timestamp in LogStash
- Logstash: timestamp pattern
- Logstash cannot recognise log time
- Terms against Time in Kibana
- Logstash converting date to valid joda time (@timestamp)
- Is the @timestamp field needed when using Logstash to store in Elasticsearch?