ElasticSearch indexing events from previous date into current date logstash-* folder

(Raghu Eswaraiah) #1

Elasticsearch is indexing the events from November 19th 2015, 18:00:00.000 into logstash-2015.11.20.

Could you please let us know why events from the previous date are getting indexed into the current date?

(Mark Walkom) #2

This is a Logstash problem, ES only indexes what is sent to it.

It'd help if you provided more information, versions, what your config looks like, etc.

(Magnus Bäck) #3

Keep in mind that Logstash goes by UTC. So when you're saying Nov 19 at 18:00, what timezone is that? If it's UTC-6 or anything west of that the data is going to be indexed in logstash-2015.11.20.

(Raghu Eswaraiah) #4

I am using CST timezone.

(Magnus Bäck) #5

I assume you mean Central Standard time (UTC-6) rather than China Standard Time. In that case what you're seeing is the expected behavior.

(Raghu Eswaraiah) #6

Yes, that's correct. And also "How to set @timestamp timezone?" gave me some more information.

Thank you :)
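Added example, not part of the original thread: a short Python sketch of the UTC bucketing described above, showing which daily index an event lands in and which indices a search over one local calendar day has to cover. The function names are hypothetical, and the fixed UTC-6 offset and the `logstash-YYYY.MM.dd` naming are taken from the thread.

```python
from datetime import date, datetime, timedelta, timezone

# Central Standard Time as discussed in the thread (fixed UTC-6, no DST handling).
CST = timezone(timedelta(hours=-6), "CST")


def daily_index(event_time, prefix="logstash-"):
    """Name of the daily index an event is written to.

    The date part comes from the event time converted to UTC, so the
    local calendar date of the event is irrelevant.
    """
    if event_time.tzinfo is None:
        raise ValueError("event_time needs an explicit UTC offset")
    return prefix + event_time.astimezone(timezone.utc).strftime("%Y.%m.%d")


def indices_for_local_day(day, tz, prefix="logstash-"):
    """Every daily index that can hold events from one local calendar day."""
    start = datetime(day.year, day.month, day.day, tzinfo=tz)
    end = start + timedelta(days=1) - timedelta(microseconds=1)
    current = start.astimezone(timezone.utc).date()
    last = end.astimezone(timezone.utc).date()
    names = []
    while current <= last:
        names.append(prefix + current.strftime("%Y.%m.%d"))
        current += timedelta(days=1)
    return names


if __name__ == "__main__":
    # Constructed sample: the event time from the question, read as CST.
    event = datetime(2015, 11, 19, 18, 0, 0, tzinfo=CST)
    print(event.isoformat(), "->", daily_index(event))
    print("Nov 19 (CST) spans:", indices_for_local_day(date(2015, 11, 19), CST))
```

When pulling logs for a specific local day, for example during an investigation, query every index the second function returns and filter on `@timestamp`, rather than relying on the index name alone.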
