Right now the @timestamp field stores the time at which the log event was ingested by Logstash. For production systems that's largely OK, but in the event of an outage, or when onboarding a new client with historical log data, the timestamps will be flat-out wrong.
Let's use the date filter to update the timestamps where appropriate. We'll need different date logic per logfile, depending on the built-in time format.
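A sketch of what the per-logfile date logic could look like, as an added example rather than this project's actual pipeline. The `type` values, the `log_time` and `ingested_at` field names, and the three time formats are assumptions chosen for illustration; an earlier grok or json stage is assumed to have extracted `log_time`.

```logstash
filter {
  # Keep the ingest time before @timestamp is overwritten, so that lag
  # between event time and arrival stays visible (assumed field name).
  mutate {
    add_field => { "ingested_at" => "%{@timestamp}" }
  }

  if [type] == "apache_access" {
    # Assumed sample value: 10/Oct/2023:13:55:36 +0000
    date {
      match          => ["log_time", "dd/MMM/yyyy:HH:mm:ss Z"]
      target         => "@timestamp"
      tag_on_failure => ["_dateparsefailure_apache"]
    }
  } else if [type] == "syslog" {
    # Classic syslog stamps carry no year and no zone. State the zone
    # explicitly; the filter has to infer the year, which matters when
    # loading historical data.
    date {
      match          => ["log_time", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"]
      timezone       => "UTC"
      target         => "@timestamp"
      tag_on_failure => ["_dateparsefailure_syslog"]
    }
  } else if [type] == "app_json" {
    # Accept either an ISO8601 string or epoch milliseconds.
    date {
      match          => ["log_time", "ISO8601", "UNIX_MS"]
      target         => "@timestamp"
      tag_on_failure => ["_dateparsefailure_app"]
    }
  }
}
```

Events that fail to parse keep their ingest-time `@timestamp` and carry the per-source failure tag, so a search on those tags shows which logfile's format needs another pattern.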