8 hours difference in time zone

chenzilong444 · April 3, 2018, 9:11am

elasticsearch { 
					hosts => localhost	  	
					index => "logstash(%{+YYYY.MM.dd})"  
					document_type =>"logstash"
					flush_size=>1000 
				idle_flush_time=>15
					}

i didn‘’t set date in logstash
@timestamp April 1st 2018, 00:13:49.395
_index logstash(2018.03.31)
i don‘t know why

Christian_Dahlqvist · April 3, 2018, 9:43am

That is based on the @timestamp field, which is always in UTC.

chenzilong444 · April 3, 2018, 9:51am

can i save my time zone logstash(%{+YYYY.MM.dd}?
maybe change @timestamp

Christian_Dahlqvist · April 3, 2018, 9:55am

Elasticsearch assumes timestamps are in UTC, so changing this will likely cause problems in other areas. You may be able to create a separate date string you can use based on the original timestamp.

Why do you need the index name to be based on the local timezone?

chenzilong444 · April 3, 2018, 10:00am

because i need statistics events daily
but some events before 8 o‘’clock today's Report in the yesterday index

Christian_Dahlqvist · April 3, 2018, 10:02am

What does the original event and timestamp look like?

chenzilong444 · April 3, 2018, 10:11am

like that 2018-04-03T09:54:24.744Z？

Christian_Dahlqvist · April 3, 2018, 10:24am

Where is your data coming from?

chenzilong444 · April 3, 2018, 11:12am

logstash stdout

Christian_Dahlqvist · April 3, 2018, 11:29am

Where are you collecting it from? Can you post a sample event?

system · May 1, 2018, 11:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.