I have a log file, for example:
...
{"timestamp":"Jun 12, 2017 6:19:31 PM","ip":"0:0:0:0:0:0:0:1"}
...
As I want to use the timestamp in the log file, I use a date filter to match it:
input {
  beats {
    port => "5044"
  }
}
filter {
  json {
    source => "message"
  }
  date {
    match => ["timestamp","MMM dd, yyyy HH:mm:ss a"]
    target => "@timestamp"
  }
}
output {
  elasticsearch {
    hosts => [ "localhost:9200" ]
    index => 'api_log-%{+YYYY.MM.dd}'
  }
}
But when I look in Kibana, I find that the timestamp it creates is June 12th 2017, 06:19:31.000.
What I expect is June 12th 2017, 18:19:31.000.
I did a little experiment here and changed the original "PM" to "AM". The result is still the same, which means the date filter is not working in the correct way. Can somebody tell me how to fix this?
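
An added example, not part of the original post: the same filter section with a 12-hour pattern, with the posted pattern kept as a comment for comparison. It assumes the month names and AM/PM markers in the log are English, which is why `locale` is set.

```logstash
filter {
  json {
    source => "message"
  }
  date {
    # As posted: "HH" is the Joda-Time hour of day (0-23), so "6" is read
    # as 06:00 and the AM/PM marker matched by "a" does not shift it.
    # match => ["timestamp", "MMM dd, yyyy HH:mm:ss a"]

    # "hh" is the 12-hour clock hour (1-12) and is combined with "a",
    # so "6:19:31 PM" is parsed as 18:19:31.
    match  => ["timestamp", "MMM dd, yyyy hh:mm:ss a"]
    target => "@timestamp"
    # Assumption: the log writes "Jun" and "PM" in English.
    locale => "en"
  }
}
```

Events that fail to parse are tagged `_dateparsefailure` by the date filter, so a count of that tag in Kibana shows whether any timestamp formats in the log are still unmatched.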