Logstash time format conversion

In production, Kibana sorts by @timestamp by default, but that @timestamp is the time our client collected the event, which is often not what we need. What we need is the time the log was generated. One way to solve this is to build the elasticsearch index yourself instead of using the default index mode; that method is more complicated, and you need to know how to work with elasticsearch indexes. Today we study another way: we convert the date on which the log was generated and use it as the default @timestamp.

1. The time format we will parse is the standard Java date format:

2019-07-19 10:21:49,755

2. The general parsing configuration:

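input {
    stdin {}
}
filter {
    # Extract the log's own timestamp from the line into the field "times"
    grok {
        match => ["message", "%{TIMESTAMP_ISO8601:times}"]
    }
}
output {
    # Print the parsed event so the extracted field can be checked
    stdout {
        codec => rubydebug {}
    }
}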
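
To complete the conversion described at the top of the post, the extracted field has to be passed to Logstash's date filter, which writes the parsed value into @timestamp. The following is an added example, not part of the original post; the timezone value is an assumption, since the sample timestamp carries no offset.

```logstash
input {
    stdin {}
}
filter {
    grok {
        match => ["message", "%{TIMESTAMP_ISO8601:times}"]
    }
    # Only attempt the conversion when grok actually extracted a timestamp
    if [times] {
        date {
            # Pattern matching the sample 2019-07-19 10:21:49,755
            match => ["times", "yyyy-MM-dd HH:mm:ss,SSS"]
            # Assumption: the application logs local time in this zone.
            # Without this option the Logstash host's default zone is used.
            timezone => "Asia/Shanghai"
            # Overwrite the collection time with the log's own time
            target => "@timestamp"
            # Removed only when the date was parsed successfully
            remove_field => ["times"]
        }
    }
}
output {
    stdout {
        codec => rubydebug {}
    }
}
```

Events whose date cannot be parsed are tagged `_dateparsefailure` and keep the collection time in @timestamp, so it is worth filtering on that tag in Kibana before trusting the ordering of events in a timeline.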

 


Origin www.cnblogs.com/wzxmt/p/11209829.html