elasticsearch {
hosts => localhost
index => "logstash(%{+YYYY.MM.dd})"
document_type =>"logstash"
flush_size=>1000
idle_flush_time=>15
}
i didn‘’t set date in logstash
@timestamp April 1st 2018, 00:13:49.395
_index logstash(2018.03.31)
i don‘t know why
That is based on the @timestamp field, which is always in UTC.
can i save my time zone logstash(%{+YYYY.MM.dd}?
maybe change @timestamp
Elasticsearch assumes timestamps are in UTC, so changing this will likely cause problems in other areas. You may be able to create a separate date string you can use based on the original timestamp.
Why do you need the index name to be based on the local timezone?
because i need statistics events daily
but some events before 8 o‘’clock today's Report in the yesterday index
What does the original event and timestamp look like?
like that 2018-04-03T09:54:24.744Z?
Where is your data coming from?
logstash stdout
Where are you collecting it from? Can you post a sample event?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.