hi i have same string in log :
1465301456.359 127.0.0.1 127.0.0.1 0.036 GET /cashier/manipulation/searchDBy
as you see date in hear in unix format so i'm use date filter
date {
#match => ["msec", "YYYY.MM.dd HH:mm:ss", "UNIX"]
match => ["msec", "UNIX"]
target => "msec"
timezone => "Europe/Kiev"
}
but still parsing get a date in UTC
@timestamp June 7th 2016, 15:10:02.159
msec 2016-06-07T12:10:56.359Z
how i can convert unix time not UTC
The date filter is designed to translate a timestamp into ISO8601 format, typically in "Zulu" time notation (the Z at the end of the line), which implies UTC time. By definition, a unix timestamp is already considered to be UTC time, so I believe any specified timezone would be ignored for such a conversion.
If I understand correctly, then I can not change the time zone in the converted date?
No, because unix epoch is in UTC
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.