How can I get the default `@timestamp` on elastic output?
Answers
-
Then, it shows up in the proper place: ```{"create":{"_index":"interfaces-sensors-ptx","pipeline":"remove_id","_id":"885zjZkprnmYaz69"}}```
0 -
I think this should be a little clearer: ```Elastic pipeline: To send data to an Elastic Ingest pipeline, optionally enter that pipeline's name as a constant.```
0 -
optionally should not be there. It should say JavaScript or quoted constant.
0 -
<@U03CJ90F91A> :point_up:
0 -
Sheesh, <@UUP82DJHE>, nothing like calling me in at the end of a crazy long thread. But thanks for tagging me, I'll see if we can get that cleared up.
0 -
Hi <@U0410L186KS>, if you just want to add the new @timestamp field to the event, in place of _time... this is an easy way to create a field with special characters.
0 -
`__e['@timestamp';]`
0 -
<@U02JJLAGJHF> Thanks. I also see that "undefined". Learning the tricks
0 -
then "undefined" just eliminates that other `_time` field from the event. Enjoy!!!
0 -
What is so special with `__e` ?
0 -
Yep, steal the time from _time, throw it into a new custom field, then get rid of _time.
0 -
__e allows you to create/reference fields with custom characters.
0 -
Refer to this for more info: https://docs.cribl.io/stream/introduction-reference#special-chars
0 -
Sometimes you will need to reference a field from a source that uses those "non standard" characters, etc. This way you can still use that data, or correct it, before moving on. OK? Good Luck <@U0410L186KS>
0 -
Got it.
0
