ELK stack - @timestamp issue


I am using Filebeat, Logstash, Elasticsearch, and Kibana.

I found a problem while checking the data through Kibana.


@timestamp data is 9 hours slower than local time.

Of course, I know that I can change the time format through Kibana settings.

But I'm using the date-form to create indexing from Logstash to Elasticsearch.
But when I index data from Logstash to Elasticsearch, I'm using the index-name in a date format.

ex) my index-name

I think I should change the time of the @timestamp and index it in Elasticsearch.

my logstash.conf)

I thought of two ways.
It is to change @timestamp in Filebeat.

Parsing @timestamp through a filter in local time in Logstash.
But parsing all @timestamp per log may seem unnecessary.
I think the second would be to use up a lot of resources.

Please help me. How should I index the @timestamp date?

Please don't post pictures of text, they are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them :slight_smile:

@timestamp is treated as if it is UTC by Elasticsearch. You should use a date filter in Logstash to properly format it.
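A sketch of the date filter suggested in the reply above, added here as an example and not taken from the original posts. The field name `log_time`, its pattern, the `Asia/Seoul` zone (chosen only because the thread mentions a 9-hour offset), the host and the `myapp-` index prefix are all assumptions.

```logstash
filter {
  # Assumption: an earlier grok/dissect stage has copied the log line's own
  # time into "log_time", e.g. "2019-03-05 08:30:00" (constructed sample).
  date {
    match    => ["log_time", "yyyy-MM-dd HH:mm:ss"]
    # The source string carries no offset, so tell Logstash which zone it
    # was written in. The parsed value is stored in @timestamp as UTC.
    timezone => "Asia/Seoul"
    target   => "@timestamp"
    # Events that do not match keep the ingest time and get this tag,
    # which makes parse failures easy to find later.
    tag_on_failure => ["_dateparsefailure"]
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]   # assumed host
    # %{+YYYY.MM.dd} is rendered from @timestamp in UTC, so the sample
    # event above (08:30 at UTC+9 = 23:30 UTC the previous day) lands in
    # myapp-2019.03.04. Kibana converts back to the browser's time zone
    # for display, so the stored UTC value does not need to be shifted.
    index => "myapp-%{+YYYY.MM.dd}"
  }
}
```

Keeping @timestamp in UTC and declaring the source zone in the filter keeps events from hosts in different time zones in the correct order when they are correlated.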
