Date filter and time zone transition

simonhoenscheid · July 3, 2017, 4:22pm

Hey there,

I'm a bit confused how the date filter is working.

I have a logstash config which is parsing cloudfront logs from an s3 input. which is working really nice. the timestamp in the logfile is UTC. So I added this information in a seperate field and try to parse it. Exspecting the timestamp field will show the time in Europe/Berlin time now, which would add 2 hours.
Can somebody explain where my fault is?

mutate {
add_field => {
"cloudfront_logdate" => "%{date} %{time} UTC"
}
}

date {
match => [ "cloudfront_logdate" , "yy-MM-dd HH:mm:ss ZZZ" ]
timezone => "Europe/Berlin"
}

Output:

"@timestamp" => 2017-06-05T10:13:13.000Z,
"cloudfront_logdate" => "17-06-05 10:13:13 UTC"

Thx for help
Simon

jsvd · July 3, 2017, 5:50pm

the date filter will always convert timestamps to UTC.

The timezone => setting is used to indicate timezone of the original timestamp, which is only necessary if the timestamp format does not specify a timezone, like 2017-12-04 08:00:00 (YYYY-MM-dd HH:mm:ss). In this example, setting timezone to Europe/Berlin, makes logstash convert 2017-12-04 08:00:00 to 2017-12-04T07:00:00.000Z

system · July 31, 2017, 5:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timezone logstash date filter Logstash	5	4877	September 16, 2021
Setting the correct timezone in date filter plugin Logstash	4	12545	September 5, 2018
Date filter - Timezone error Logstash	2	491	August 15, 2017
Timezone for date filter seems not working Logstash	2	2423	July 6, 2017
Timezone issue with logstash date filter plugin Logstash	4	1558	June 27, 2020

Date filter and time zone transition

Related topics