Setting the timestamp to a value when sending data to Elasticsearch

lstropole

Hello Guys, when i trying to pushing data inside the Elasticsearch. that time data take place inside the elastic with current timestamp. but i wanna set event in the elastic with given time. for achieving this i try this one. but didn't get success:

xpac xpac

Doesn't Elastic use @time instead of _time?

lstropole

internally elastic using @timestamp but i think _time mapping with the @timestamp

Clint Sharp

`_time` is automatically mapped to `@timestamp`;, but it should be in the format `<seconds>.<milliseconds>`. If you want it to be in ISO8601 like Elastic wants, you can set `@timestamp`; directly in that format.

lstropole

yes, i tried this one but `_time` always taking the current time in `miliseconds` when insert in the elastic. not going to map on the required time

lstropole

Configuration :-

lstropole

Output:-

lstropole

unable to find the any datetime field

Robbert Hink

<@U023CN0RVMZ&gt; if you haven't created an <https://www.elastic.co/guide/en/elasticsearch/reference/current/index-templates.html|index template> for your index pattern, the field will be mapped as `long` field, because Elasticsearch's <https://www.elastic.co/guide/en/elasticsearch/reference/current/dynamic-mapping.html|dynamic mapping>, recognises it as a number rather than a date, so it won't show up as a timestamp field.

lstropole

<@U04PBMSJVHQ&gt;, is there any way to set Elasticsearch `@timestamp`; from cribl side ?

lstropole

Thank you team for the support, i have resolved the issue using this:-