logstash - indexed time different from logged time - kibana

Question

The indexed time of the log is different from the logged time of the log.

Logged time - 2021-01-25 04:19:18,002

Indexed time - Jan 25, 2021 @ 04:19:27.750

There is a 10 seconds delay when comparing both the timestamps. Is there a way to make the indexed timestamp same as the logged time timestamp.

question from:https://stackoverflow.com/questions/65878796/indexed-time-different-from-logged-time-kibana

Answer 1

You need to use a date filter to set the @timestamp to the timestamp field of the log.

So if you've got the time in a field called log_time, you'd use a date filter like this:

            date {
                    match => [ "log_time", "ISO8601" ]
            }

See the logstash documentation for additional details on how the date filter works.