Date Filter Woes

wwalker · July 29, 2019, 3:21pm

I have a field that tracks when a ticket was created, sys_created_on. The time is in local timezone, -05:00 currently. I have the following logstash config:

  date {
    match => [ "sys_created_on", "yyyy-MM-dd HH:mm:ss" ]
    timezone => "America/Chicago"
  }

In Kibana, I am using the @timestamp field as the time field. When events come up in Kibana, they show a time that is five hours in the future. When I look at the JSON data, it is showing a timestamp 10 hours in the future. What the hell am I doing wrong??

guyboertje · July 30, 2019, 4:40pm

What timezone is the logstash server running in?

It should be UTC. Try setting TZ=UTC as a shell variable before invoking LS.

e.g. TZ=UTC bin/logstash -f ...

system · August 27, 2019, 4:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.