[Oisf-users] timestamp problem with logstash v1.3.x and eve.json
Stefan Sabolowitsch
Stefan.Sabolowitsch at felten-group.com
Mon Feb 10 18:22:31 UTC 2014
Hi all,
there are problems with the timestamp suri / eve.json.
Starting with version 1.3.0 allows logstash microseconds with three digits only, but suri / eve.json use six digits.
Currently i help myself with this trick, in which i cut off the last three microseconds digits:
mutate {
gsub => ["timestamp", "\d{3}$", ""]
}
}
Will there be a solution here?
regards
Stefan
More information about the Oisf-users
mailing list