How does someone replace @timestamp field in a Logstash pipeline without converting DateTime to a string and then doing a date filter on that column?
mutate {
convert => ["datetime", "string"]
}
date {
match => ["datetime", "ISO8601"]
}
Asked
Active
Viewed 568 times
2
Evaldas Buinauskas
- 13,739
- 11
- 55
- 107
2 Answers
1
To avoid multiple filters, it's possible to perform a simple rename to a field, doing it as follows:
mutate {
id => "sample-rename-timestamp"
rename => {
"datetime" => "@timestamp"
}
}
This will replace message arrival @timestamp with your provided field.
Evaldas Buinauskas
- 13,739
- 11
- 55
- 107
1
Because the jdbc output field datetime is a date type, so we can copy it as @timestamp field.
filter {
mutate {
copy => { "datetime" => "@timestamp" }
}
}
Tao Wang
- 739
- 1
- 5
- 6