DHCP log: Header message field

Hi,
I connected my DHCP server using Filebeat, which sends the data to Elasticsearch.

I’d like to understand the message fields that involve time.
I mean, looking at Kibana I have the fields below:

"timestamp": "2019-06-17T16:29:36.521Z",
"header": "Jun 17 16:35:28 W7-SERVICES filebeat -"

Can somebody explain the meaning of the header to me?
Why do I have two different date-times, and when should I expect this async situation?

Thanks
Gianluca

It looks like this is created from your log by Filebeat. So your configuration has added that.

Hi @jan
If my Filebeat configuration added it, I should find the header field in the Graylog AllMessages stream, shouldn’t I?

Instead I cannot see that field… It only appears as an additional field in the output message.
Does that sound right to you?

Gianluca

@jan,
just for my understanding.

Is timestamp a field that Graylog sets when the event comes in, or can it be set by the source input (in my case Filebeat)?
Because in the latter scenario, it does not always contain the same value (with the same criteria).

When the input or Graylog is down, what timestamp value is set?
Thanks

All sending sources should contain a timestamp field - if that is unreadable, Graylog will take "now" at the moment of processing and place it in this timestamp.

Thanks @jan.
So the timestamp field could be considered ‘the source event-time’.
Thanks for the explanation
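
An added example (not part of any post in this thread, and not Graylog or Filebeat code): a Python sketch that measures the gap between the two times quoted in the question and models the "unreadable timestamp falls back to processing time" behaviour described in the reply. The header line carries no year or time zone, so the code assumes the event's year and UTC; all function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample built from the two values quoted in the question.
SAMPLE = {
    "timestamp": "2019-06-17T16:29:36.521Z",
    "header": "Jun 17 16:35:28 W7-SERVICES filebeat -",
}

def resolve_timestamp(value, now=None):
    """Return (time, origin): the sender's time if readable, else processing time."""
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        # Missing or unreadable: fall back to "now", as described in the thread.
        return now or datetime.now(timezone.utc), "processing-time"
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive values are UTC
    return ts, "sender"

def parse_header_time(header, year, tz=timezone.utc):
    """Parse the leading 'Mon DD HH:MM:SS' of a syslog-style header."""
    stamp = " ".join(header.split()[:3])
    # The header carries no year or zone; both are supplied by the caller.
    parsed = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return parsed.replace(tzinfo=tz)

def header_skew(message, now=None):
    """Return (seconds the header time is ahead of timestamp, timestamp origin)."""
    ts, origin = resolve_timestamp(message.get("timestamp"), now)
    header_time = parse_header_time(message["header"], ts.year)
    return (header_time - ts).total_seconds(), origin

if __name__ == "__main__":
    skew, origin = header_skew(SAMPLE)
    print(f"timestamp origin: {origin}, header is {skew:.3f}s ahead")
```

When the origin is the processing-time fallback, the skew reflects ingestion delay rather than clock drift, so the two cases should be alerted on separately.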
