Date type in logstash

I really don't know it's the best place to ask my question.
I use logstash to save logs data in elasticsearch. Grok:

match => ["message", "%{TIMESTAMP_ISO8601:request_timestamp} %{IP:server_ip} %{WORD:request_method} %{URIPATH:request_uri} %{NOTSPACE:request_query} %{NUMBER:port} %{NOTSPACE:username} %{IP:client_ip} %{NOTSPACE:request_agent} %{NOTSPACE:request_referer} %{INT:response_status} %{INT:response_substatus} %{INT:response_winstatus} %{INT:response_timetaken}"]

Data are stored, but when I ask DSL query using DateRange I receive data from outside the range (the query is "show me the logs where logdate is in range"). When I change the column of the range to @timestamp it works - so I suppose logstash saves my date in uncorrect format.
I changed my index template where the column is defined like this:
"request_timestamp" : {
"type" : "date",
"format" : "yyyy-MM-dd HH:mm:ss"

you have to specify the timezone

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.