Date to CST

elasticforme · February 22, 2019, 5:27pm

I have date filed coming from db.
"completed" => "04-12-2018 11:45:17"
would like to convert to CST date field. I used following

date { match => ["completed", "dd-MM-YYY HH:mm:ss"]
target => "completed"
}

It becomes this
"completed" => 2018-12-04T17:45:17.000Z

but it becomes different time. I know it is something to do it UTC and CST. I am in CST I need to change this to CST.
how?

I try timezone=>"CST", inside date filter but it gives me parse error.

Badger · February 22, 2019, 5:38pm

Try

 timezone => "Etc/GMT+4"

or Etc/GMT+6 or Etc/GMT-8, depending on which CST you are referring to. If you want daylight saving for central standard then another option would be CST6CDT.

elasticforme · February 22, 2019, 5:59pm

I just want to keep what ever the time it is. what is it converting ot

[root@test1]# echo "04-12-2018 11:45:17" | /usr/share/logstash/bin/logstash -f test.conf

{
"@version" => "1",
"completed" => 2018-12-04T17:45:17.000Z,
"message" => "04-12-2018 11:45:17",
"@timestamp" => 2019-02-22T17:44:23.267Z,
}
Difference is +6
if I do etc/GMT-6 = 2018-12-04T05:45:17.000Z, ( 6 hour behind.)

I simply just want to keep whatever this time is.
I am in "America/Chicago" timezone.

Badger · February 22, 2019, 6:52pm

All times in logstash and elasticsearch are stored as UTC, 05:45 in GMT+6 is 11:45 in UTC.

elasticforme · February 22, 2019, 7:01pm

Oh I am good now. just did test.

my input is 11:45 logstash convert it, to 17:45

kibana is also showing 11:45 --> good so far.

now question is if I use this data on some other software lets say grafana, is it gone a show 17:45? or 11:45?

elasticforme · February 22, 2019, 7:41pm

Also added time difference. Putting it here so someone else can use it. Here is test config file

input { stdin { } }

filter {
  mutate {
add_field => {
     "completed" => "03-12-2018 12:29:38"
     "submitted" => "03-12-2018 11:29:38"
}
 }
  date {
match => ["submitted", "MM-dd-YYYY HH:mm:ss"]
target => "submitted"
  }
  date {
match => ["completed", "MM-dd-YYYY HH:mm:ss"]
target => "completed"
  }

ruby {
  init => "require 'time'"
  code => "event.set('time_complete_minutes',(event.get('completed')-event.get('submitted'))/60)"
}

}
output { stdout { codec => rubydebug } }

system · March 22, 2019, 7:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Recommended way to force date fields to be UTC Logstash	9	2675	August 31, 2019
Convert Elasticsearch Date/Time field from UTC To Local Time? Elasticsearch	10	18459	October 4, 2021
Date field saved as default timezone Elasticsearch	10	7894	January 17, 2020
Change time zone using date filter Logstash	6	3887	March 15, 2023
Change in Time In elasticsearch and Database Elasticsearch kql-kibana-query-language	4	707	August 18, 2023

Date to CST

Related Topics