Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
777 views
in Technique[技术] by (71.8m points)

logstash - indexed time different from logged time - kibana

The indexed time of the log is different from the logged time of the log.

Logged time - 2021-01-25 04:19:18,002

Indexed time - Jan 25, 2021 @ 04:19:27.750

There is a 10 seconds delay when comparing both the timestamps. Is there a way to make the indexed timestamp same as the logged time timestamp.

question from:https://stackoverflow.com/questions/65878796/indexed-time-different-from-logged-time-kibana

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You need to use a date filter to set the @timestamp to the timestamp field of the log.

So if you've got the time in a field called log_time, you'd use a date filter like this:

            date {
                    match => [ "log_time", "ISO8601" ]
            }

See the logstash documentation for additional details on how the date filter works.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...