I am sending logs from NLog to ElasticSearch. When I look in ElasticSearch, I see that @timestamp is wrong: it shows 2 hours early.
I saw that the default @timestamp was working wrong, so I added my own time in NLog.config. When I check Elasticsearch, my time is now working fine, but it appears in text format; I expected date format.
In NLog.config file:
    <target xsi:type="BufferingWrapper" name="ElasticSearch"
            flushTimeout="5000">
      <target xsi:type="ElasticSearch"
              index="logstash-${date:format=yyyy-MM-dd}"
              uri="http://localhost:9200/"
              includeAllProperties="true">
        <field name="host" layout="${machinename}"/>
        <field name="message" layout="${message}"/>
        <field name="src" layout="${logger}"/>
        <field name="time" layout="${longdate}"/>
      </target>
    </target>
Why does time appear in text format? How can I change it to date format?
Is there a way inside NLog.config to change the @timestamp field that ElasticSearch uses by default?
I've added my own field timeStamp and it works for me:
    <field name="timeStamp" layout="${date:universalTime=true:format=yyyy-MM-ddTHH\:mm\:ss.fffZ}"/>
Full target configuration:
    <target name="elastic" xsi:type="BufferingWrapper" flushTimeout="5000">
      <target xsi:type="ElasticSearch" layout="${message}"
              uri="http://x.y.z.i:9200"
              index="log-${date:format=yyyy.MM.dd}"
              documentType="logEvent">
        <field name="hostName" layout="${machinename}"/>
        <field name="timeStamp" layout="${date:universalTime=true:format=yyyy-MM-ddTHH\:mm\:ss.fffZ}"/>
        <field name="loggerName" layout="${logger}"/>
      </target>
    </target>
Our Elastic Search version is 7.12.0
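The following is an added example, not code from the question or the answer above. It renders one constructed log event with both layouts and checks each string against a regex approximation of `strict_date_optional_time`, the ISO 8601 pattern Elasticsearch's default dynamic date detection uses. The UTC+2 host clock, the regex and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Approximation (assumption) of Elasticsearch's strict_date_optional_time:
# yyyy-MM-dd, then optionally 'T', a time, fractional seconds and a zone.
# The other default dynamic date patterns use slashes and are not modelled here.
STRICT_DATE_OPTIONAL_TIME = re.compile(
    r"^\d{4}-\d{2}-\d{2}"
    r"(T\d{2}(:\d{2}(:\d{2}([.,]\d{1,9})?)?)?(Z|[+-]\d{2}(:?\d{2})?)?)?$"
)

# Constructed sample: an event at 14:30:15.123456 local time on a UTC+2 host.
LOCAL_ZONE = timezone(timedelta(hours=2))
EVENT = datetime(2021, 4, 20, 14, 30, 15, 123456, tzinfo=LOCAL_ZONE)


def render_longdate(event_time):
    # ${longdate}: local wall-clock time, space separator, 4 fractional digits, no zone.
    return event_time.strftime("%Y-%m-%d %H:%M:%S.") + f"{event_time.microsecond // 100:04d}"


def render_utc_iso(event_time):
    # ${date:universalTime=true:format=...fffZ}: UTC, 'T' separator, milliseconds, 'Z'.
    utc = event_time.astimezone(timezone.utc)
    return utc.strftime("%Y-%m-%dT%H:%M:%S.") + f"{utc.microsecond // 1000:03d}Z"


def detected_as_date(value):
    # True when the string matches the ISO 8601 pattern, so a new field would map as date.
    return STRICT_DATE_OPTIONAL_TIME.match(value) is not None


def compare_layouts(event_time=EVENT):
    # Returns {layout name: (rendered string, would dynamic mapping treat it as a date?)}.
    rows = {}
    for name, render in (("longdate", render_longdate), ("utc_iso", render_utc_iso)):
        value = render(event_time)
        rows[name] = (value, detected_as_date(value))
    return rows


if __name__ == "__main__":
    for name, (value, is_date) in compare_layouts().items():
        kind = "date" if is_date else "text"
        print(f"{name:9} {value!r:30} -> mapped as {kind}")
```

Date detection applies only when a field is first mapped in an index, so an index that already holds the field as text keeps that mapping until a new index is created. Emitting UTC with an explicit `Z` also keeps events from hosts in different time zones directly comparable during log correlation.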