One of the most difficult aspects of triaging any business situation is to get a complete picture of what is happening. We want to be able to say things like 'Show me everything that happened at 10:03pm' or 'Show me everything concerning customer id 1103'.

We want the timestamp of an event to reflect when it occurred, not when it was received. The date filter does this: it parses a field you name and writes the result into @timestamp, for example

date { match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"] }

The field has to exist before the date filter runs, so it is normally extracted by an earlier grok filter (the %{COMBINEDAPACHELOG} pattern names it timestamp, in exactly this format). In the absence of the date filter, @timestamp is simply the moment Logstash received the event, which can be seconds or hours off the real event time when logs are shipped in batches or replayed. If the value does not match the pattern, @timestamp keeps the receipt time and the event is tagged _dateparsefailure; that tag is worth watching, because events that silently land at the wrong time are exactly what makes the 'show me everything at 10:03pm' question unanswerable.
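The following is an added example, not code from the original page or from the Logstash project: a small Python script that mirrors what the grok and date filters above do, run over three constructed Apache-style log lines. Two of the lines come from servers in different time zones and record the same instant; the third has a mangled timestamp. It shows the timestamp being normalised to UTC, the receipt time surviving on the failed line together with the _dateparsefailure tag, and why events only group correctly by minute once they carry their real event time. The regex, the fixed receipt time and the handling of a missing field are this example's own assumptions.

```python
"""Added example: mirror Logstash's grok + date filters on constructed log lines."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Stand-in for grok's %{COMBINEDAPACHELOG}; only the fields this example needs.
ACCESS_LOG_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3})'
)

# Python strptime equivalent of the Joda pattern "dd/MMM/yyyy:HH:mm:ss Z".
HTTPDATE_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines (not from any real server): two servers in different
# zones logging the same instant, plus one line whose timestamp is mangled.
SAMPLE_LINES = [
    '10.0.0.5 - - [10/Oct/2000:13:55:36 -0700] "GET /customer/1103 HTTP/1.1" 200',
    '10.0.0.9 - - [10/Oct/2000:21:55:36 +0100] "POST /customer/1103/order HTTP/1.1" 201',
    '10.0.0.9 - - [10/Oct/2000:21:55:3x +0100] "GET /health HTTP/1.1" 200',
]

# Assumed receipt time: the batch arrives at Logstash hours after the events.
RECEIVED_AT = datetime(2000, 10, 11, 9, 0, tzinfo=timezone.utc)


def grok(line):
    """Extract fields the way a grok filter would; tag the event on failure."""
    event = {"message": line, "tags": []}
    m = ACCESS_LOG_RE.match(line)
    if m is None:
        event["tags"].append("_grokparsefailure")
        return event
    event.update(m.groupdict())
    return event


def date_filter(event, received_at, field="timestamp", fmt=HTTPDATE_FORMAT):
    """Set @timestamp from `field`, as date { match => [field, fmt] } does.

    @timestamp starts as the receipt time. A value that parses replaces it
    (normalised to UTC, which is how Logstash stores @timestamp); a value that
    does not parse leaves the receipt time in place and adds _dateparsefailure.
    """
    event["@timestamp"] = received_at
    value = event.get(field)
    if value is None:
        # Assumption made for this example: a missing field leaves the event alone.
        return event
    try:
        parsed = datetime.strptime(value, fmt)
    except ValueError:
        event["tags"].append("_dateparsefailure")
        return event
    event["@timestamp"] = parsed.astimezone(timezone.utc)
    return event


def process(lines, received_at=RECEIVED_AT):
    """Run each line through grok and then the date filter."""
    return [date_filter(grok(line), received_at) for line in lines]


def by_minute(events):
    """Group messages by the UTC minute they occurred in ('everything at 20:55')."""
    buckets = defaultdict(list)
    for ev in events:
        buckets[ev["@timestamp"].strftime("%Y-%m-%dT%H:%M")].append(ev["message"])
    return dict(buckets)


if __name__ == "__main__":
    events = process(SAMPLE_LINES)
    for ev in events:
        print(ev["@timestamp"].isoformat(), ev["tags"], ev["message"])
    for minute, messages in sorted(by_minute(events).items()):
        print(minute, len(messages), "event(s)")
```

The two valid lines end up in the same UTC minute although their local representations differ by eight hours; the third line keeps the receipt time and is tagged, so a search for that tag finds every event whose placement on the timeline cannot be trusted.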
