Date filter - timestamp & @timestamp are diffrent

ssasporta · July 29, 2017, 2:34am

Hi,

The timestamp in the log is : 26/Jul/2017:00:00:00

I defined a pattern: HTTPDATE %{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME}

In the grok I have it : %{HTTPDATE:timestamp}

And this is the filter I do:

        date {
              match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss" ]
        }

The results in output:

  "timestamp" => "26/Jul/2017:00:00:00",

  "@timestamp" => 2017-07-25T21:00:00.000Z,

Why isn't it the same? Any idea?

Thanks
Sharon.

magnusbaeck · August 11, 2017, 6:17pm

timestamp is local time and @timestamp is UTC.

system · September 8, 2017, 6:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.