Changing timezone

Necus · October 18, 2019, 2:32pm

Hi,
I'm trying to change timezone for time logs, but for some reason after configuration nothing has changed. What I have done:

copying default date/time field:

mutate {
copy => {"time" => "new_time"}
}

changing timezone:

date {
match => ["even_time", "MMM dd, yyyy @ HH:mm:ss.SSS", "MMM d, yyyy @ HH:mm:ss.SSS"]
timezone => "MST"
target => "new_time2" #I have already tried with new_time
}

"new_time" field is created correctly but unfortunatelly it has the same time zone as "time" field. I'm using Joda-Time - Java date and time API - Time Zones as reference name for timezone.

time field format:
Oct 18, 2019 @ 18:23:19.000

Any ideas?

yaauie · October 18, 2019, 5:11pm

Time objects within Logstash are represented in UTC.

The timezone directive in the Logstash Date Filter provides context for parsing the timestamp into an object representing a specific point on the timeline; once the timestamp is understood, it will be transformed into UTC for storage on the event.

I also would advise using one of the timezonedb timezone names in the format of "${CONTINENT}/${EXAMPLE_CITY}" (e.g., America/Denver), which will account for the entire ruleset of the timezone (including daylight savings switches).

Necus · October 20, 2019, 11:21am

Thank you for answer, how exactly can I make this timestamp to be understood by ELK? Elasticsearch and Kibana automatically proceed with this field as the data field. What else can I change to make this right?

system · November 17, 2019, 11:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.