Hi,
Hope I'm in the right section and will form the right question.
So my situation. I'm using logstash+elasticsearch+kibana for parsing some logs, CSV.
Parsing works perfectly.
I've got two date fields, submission_time and delivery_time.
I matched the submission_time value to @timestamp and also to the same field for more human readable value.
@timestamp works perfect, correct time zone. While the submission_time and delivery_time show the UTC time.
How can I change the "type of field" to show my local time?
Currently my filter is something like that:
date
{
  match => [ "submission_time","UNIX" ]
  target => "submission_time"
}
date
{
  match => [ "delivery_time","UNIX" ]
  target => "delivery_time"
}
I've tried with adding the "timezone" field, but no success.
Can you help? 
Thank you!
Mario
I matched the submission_time value to @timestamp and also to the same field for more human readable value.
Human readable where?
@timestamp works perfect, correct time zone. While the submission_time and delivery_time show the UTC time.
Where?
What's the mapping of the submission_time and delivery_time fields?
This is my filter in .conf file:
date {
  match => ['submission_time', 'UNIX']
}
date {
  match => ['submission_time', 'UNIX']
  target => 'submission_time'
}
date {
  match => ['delivery_time', 'UNIX']
  target => 'delivery_time'
}
and my result:
@timestamp April 7th 2017, 18:33:59.000 <-- OK
submission_time 2017-04-07T16:33:59.000Z
delivery_time 2017-04-07T16:33:59.000Z
2 hour difference. I'm guessing I need to change type of field?
BR,
Mario
What are the mappings of the fields in Elasticsearch? Use ES's get mapping API.
{
  "bkki-2017.04.07" : {
    "mappings" : {
      "logs" : {
        "submission_time" : {
          "full_name" : "submission_time",
          "mapping" : {
            "submission_time" : {
              "type" : "date"
            }
          }
        }
      }
    }
  }
}
{
  "bkki-2017.04.07" : {
    "mappings" : {
      "logs" : {
        "delivery_time" : {
          "full_name" : "delivery_time",
          "mapping" : {
            "delivery_time" : {
              "type" : "date"
            }
          }
        }
      }
    }
  }
}
That's surprising. I thought Kibana formatted all timestamps and not just @timestamp.
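The two values in the thread are the same instant, stored in UTC and shown once in a local zone. The JavaScript below is an added example, not code from the thread or from the Elastic projects: it converts a UNIX epoch to the stored UTC form and renders it in a named zone with a DST-aware offset, which is why a fixed "+2 hours" shift would be wrong in winter. The zone `Europe/Berlin` and the epoch `1491582839` are assumptions chosen to reproduce the 2-hour gap.

```javascript
// Added example. ZONE and SAMPLE_EPOCH are assumed values, constructed to match
// the thread's output (16:33:59Z stored, 18:33:59 displayed).
const ZONE = 'Europe/Berlin';
const SAMPLE_EPOCH = 1491582839;

// A date-typed field parsed from UNIX seconds is an instant in UTC (ISO 8601, "Z").
function storedValue(epochSeconds) {
  return new Date(epochSeconds * 1000).toISOString();
}

// Wall-clock parts of an instant as seen in an IANA time zone.
function wallClock(date, timeZone) {
  const fmt = new Intl.DateTimeFormat('en-US', {
    timeZone, hourCycle: 'h23',
    year: 'numeric', month: '2-digit', day: '2-digit',
    hour: '2-digit', minute: '2-digit', second: '2-digit',
  });
  const parts = {};
  for (const { type, value } of fmt.formatToParts(date)) parts[type] = value;
  return parts;
}

// Offset of the zone from UTC at that instant, in minutes (changes with DST).
function offsetMinutes(date, timeZone) {
  const p = wallClock(date, timeZone);
  const asUtc = Date.UTC(+p.year, p.month - 1, +p.day, +p.hour, +p.minute, +p.second);
  const wholeSeconds = Math.floor(date.getTime() / 1000) * 1000;
  return Math.round((asUtc - wholeSeconds) / 60000);
}

// Render a stored UTC value in the viewer's zone, keeping the offset explicit
// so the string still identifies the same instant.
function renderLocal(isoUtc, timeZone) {
  const d = new Date(isoUtc);
  const p = wallClock(d, timeZone);
  const off = offsetMinutes(d, timeZone);
  const sign = off < 0 ? '-' : '+';
  const hh = String(Math.floor(Math.abs(off) / 60)).padStart(2, '0');
  const mm = String(Math.abs(off) % 60).padStart(2, '0');
  return `${p.year}-${p.month}-${p.day}T${p.hour}:${p.minute}:${p.second}${sign}${hh}:${mm}`;
}

const stored = storedValue(SAMPLE_EPOCH);
console.log(stored, '->', renderLocal(stored, ZONE));
console.log('winter:', renderLocal('2017-01-07T16:33:59.000Z', ZONE));
```

When correlating events across fields or sources, compare the parsed instants rather than the displayed strings.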