Filebeat sample config replaces log timestamp

[pnowak85]

I setup up the logback EscEncoder and filebeat as described in the docs and noticed a strange behavior.
The timestamps in elastic/kibana where not the same as in my json log files (a few milliseconds to minutes off). The timestamp in elastic was always the indexed/read timestamp from filebeat but not the actual timestamp from the log line.

While discussing this with @xeraa, he mentioned the json.overwrite_keys property.

Setting this property to true fixes this.

Please update the sample docs for the filebeat setup to avoid confusions.

json:
    keys_under_root: true
    overwrite_keys: true

[felixbarny]

Good catch, thanks!

[pnowak85]

Thanks for the fast reponse.

Please also update the With filebeat.yml configuration file section

[xeraa]

Done in 8fc5553

Thanks Peter!