Date to CST

elasticforme · February 22, 2019, 5:27pm

I have date filed coming from db.
"completed" => "04-12-2018 11:45:17"
would like to convert to CST date field. I used following

date { match => ["completed", "dd-MM-YYY HH:mm:ss"]
target => "completed"
}

It becomes this
"completed" => 2018-12-04T17:45:17.000Z

but it becomes different time. I know it is something to do it UTC and CST. I am in CST I need to change this to CST.
how?

I try timezone=>"CST", inside date filter but it gives me parse error.

Badger · February 22, 2019, 5:38pm

Try

 timezone => "Etc/GMT+4"

or Etc/GMT+6 or Etc/GMT-8, depending on which CST you are referring to. If you want daylight saving for central standard then another option would be CST6CDT.

elasticforme · February 22, 2019, 5:59pm

I just want to keep what ever the time it is. what is it converting ot

[root@test1]# echo "04-12-2018 11:45:17" | /usr/share/logstash/bin/logstash -f test.conf

{
"@version" => "1",
"completed" => 2018-12-04T17:45:17.000Z,
"message" => "04-12-2018 11:45:17",
"@timestamp" => 2019-02-22T17:44:23.267Z,
}
Difference is +6
if I do etc/GMT-6 = 2018-12-04T05:45:17.000Z, ( 6 hour behind.)

I simply just want to keep whatever this time is.
I am in "America/Chicago" timezone.

Badger · February 22, 2019, 6:52pm

All times in logstash and elasticsearch are stored as UTC, 05:45 in GMT+6 is 11:45 in UTC.

elasticforme · February 22, 2019, 7:01pm

Oh I am good now. just did test.

my input is 11:45 logstash convert it, to 17:45

kibana is also showing 11:45 --> good so far.

now question is if I use this data on some other software lets say grafana, is it gone a show 17:45? or 11:45?

elasticforme · February 22, 2019, 7:41pm

Also added time difference. Putting it here so someone else can use it. Here is test config file

input { stdin { } }

filter {
  mutate {
add_field => {
     "completed" => "03-12-2018 12:29:38"
     "submitted" => "03-12-2018 11:29:38"
}
 }
  date {
match => ["submitted", "MM-dd-YYYY HH:mm:ss"]
target => "submitted"
  }
  date {
match => ["completed", "MM-dd-YYYY HH:mm:ss"]
target => "completed"
  }

ruby {
  init => "require 'time'"
  code => "event.set('time_complete_minutes',(event.get('completed')-event.get('submitted'))/60)"
}

}
output { stdout { codec => rubydebug } }

system · March 22, 2019, 7:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Import CSV date format time difference Logstash	7	548	November 15, 2022
Is there anyway to store document to the index pattern {YYYY.MM.dd} but in CST time {YYYY.MM.dd} via logstash? Logstash docker	3	213	April 28, 2023
Logstash don't parse Date field properly Logstash	1	410	January 16, 2018
Timestamp conversion Logstash	2	231	August 19, 2020
Logstash date filter changing my time automatically Logstash	2	432	June 19, 2018

Date to CST

Related topics