I am facing a time matching issue in Kibana. My log files have an older timestamp, but when I parse the log files, the @timestamp picks up the current timestamp instead of the original time of the log file.
Here is an example of my logfile entry:
2015-12-25 17:39:45+0000 [SSHChannel session (0) on SSHServicessh-connection on HoneyPotTransport,21438,220.166.50.228] Closing TTYLog: log/tty/20151225-173944-319eb90f.log
I am using grok to match the timestamp using regex and storing it in the mytimestamp field.
grok {
  match => ["message", "(?<mytimestamp>%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day} %{TIME:time}%{ISO8601_TIMEZONE})"]
}
I am then matching with the date filter to make Kibana use the log file timestamp.
# Matches with timestamp
date {
  match => [ "mytimestamp" , "yyyy-MM-dd HH:mm:ss" ]
}
I read some of the older questions on Stack Overflow and tried to solve my problem based on them, but I guess I am missing some key thing in this.
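The following is an added worked example, not part of the question above and not Logstash's own code. It replays the question's pipeline in Python: the grok capture is approximated with an equivalent regular expression, and a small `date_filter` function mimics what the Logstash date filter does when a pattern does not fit the field (it tags the event `_dateparsefailure` and leaves `@timestamp` at ingest time). The real filter uses Joda-Time patterns; the Python `strptime` formats in `PATTERNS` are the assumed equivalents of the Joda patterns `yyyy-MM-dd HH:mm:ss` (no zone) and `yyyy-MM-dd HH:mm:ssZ` (zone such as `+0000`). The ingest time and the log line are constructed sample values. For a honeypot feed this matters beyond cosmetics: events that silently take the ingest time instead of the event time corrupt the attack timeline, so the `parse_failure_rate` check is the kind of health check worth running on the indexed events.

```python
import re
from datetime import datetime, timezone

# Constructed sample line, in the same shape as the honeypot line in the question.
SAMPLE_LINE = (
    "2015-12-25 17:39:45+0000 [SSHChannel session (0) on SSHServicessh-connection "
    "on HoneyPotTransport,21438,220.166.50.228] Closing TTYLog: "
    "log/tty/20151225-173944-319eb90f.log"
)

# Approximation of the grok capture from the question:
# YEAR-MONTHNUM-MONTHDAY TIME ISO8601_TIMEZONE, stored as "mytimestamp".
MYTIMESTAMP_RE = re.compile(
    r"^(?P<mytimestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:[.,]\d+)?"
    r"(?:Z|[+-]\d{2}(?::?\d{2})?))"
)

# Assumed Python equivalents of the two Joda-Time patterns under discussion.
# The first is the pattern from the question; the second also consumes the offset.
PATTERNS = {
    "yyyy-MM-dd HH:mm:ss": "%Y-%m-%d %H:%M:%S",
    "yyyy-MM-dd HH:mm:ssZ": "%Y-%m-%d %H:%M:%S%z",
}


def extract_mytimestamp(line):
    """Return the captured timestamp string, or None when the line does not match."""
    m = MYTIMESTAMP_RE.match(line)
    return m.group("mytimestamp") if m else None


def date_filter(event, field, joda_pattern, now=None):
    """Mimic the Logstash date filter on one event (a dict).

    On success, @timestamp is set from the named field (normalised to UTC).
    On failure, the event is tagged _dateparsefailure and @timestamp stays at
    the ingest time, which is exactly the symptom described in the question.
    """
    now = now or datetime.now(timezone.utc)
    out = dict(event)
    out["tags"] = list(out.get("tags", []))
    try:
        parsed = datetime.strptime(out[field], PATTERNS[joda_pattern])
    except (ValueError, KeyError):
        # "unconverted data remains: +0000" is what the zone-less pattern raises here
        out["tags"].append("_dateparsefailure")
        out["@timestamp"] = now
        return out
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    out["@timestamp"] = parsed.astimezone(timezone.utc)
    return out


def parse_failure_rate(events):
    """Fraction of events that fell back to ingest time; a value above zero
    means the index timeline cannot be trusted for those events."""
    if not events:
        return 0.0
    failed = sum(1 for e in events if "_dateparsefailure" in e.get("tags", []))
    return failed / len(events)


def demo():
    """Run both patterns over the sample line with a constructed ingest time."""
    ingest_time = datetime(2016, 1, 10, 9, 0, 0, tzinfo=timezone.utc)  # constructed
    event = {"message": SAMPLE_LINE, "mytimestamp": extract_mytimestamp(SAMPLE_LINE)}
    broken = date_filter(event, "mytimestamp", "yyyy-MM-dd HH:mm:ss", now=ingest_time)
    fixed = date_filter(event, "mytimestamp", "yyyy-MM-dd HH:mm:ssZ", now=ingest_time)
    return broken, fixed


if __name__ == "__main__":
    broken, fixed = demo()
    print("zone-less pattern :", broken["@timestamp"].isoformat(), broken["tags"])
    print("pattern with Z    :", fixed["@timestamp"].isoformat(), fixed["tags"])
    print("failure rate      :", parse_failure_rate([broken, fixed]))
```

Running the block shows the first event tagged `_dateparsefailure` with `@timestamp` equal to the ingest time, and the second carrying the 2015 timestamp from the line; in a real deployment the same tag can be searched for in Kibana to find every event whose time was silently replaced.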