Hello, I understand that Elasticsearch stores timestamp in UTC format internally, which are an hour behind my local time (UK time). I would like to add a field that shows the correct local time, am I right in thinking I need to do something with a Ruby filter as in this post:
...or is there a simpler way to do it?
Thanks.
I think the code would be something like:
filter {
ruby {
code => "event['local_time'] = event['@timestamp'].localtime('+01:00')"
}
}
But I'm unsure how to get that value in a new field
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.