ELK stack - @timestamp issue

jang · July 10, 2020, 12:51am

hello,

I am using Filebeat, Logstash, Elasticsearch, and Kibana.

I found a problem while checking the data through Kibana.

@timestamp data is 9hours slower than local time.

Of course, I know that i can change the time format through Kibana settings.

but, I'm using the date-form to create indexing from logstash to Elastic Search.
But when I index data from Logstash to ElasticSearch, I'm using the index-name in a date format.

ex) my index-name
testIndex-2020.07.02
testIndex-2020.07.03
testIndex-2020.07.02

I think I should change the time of the @timestamp and index it in an Elastic Search.

my logstash.conf)

I thought of two ways.
first,
It is to change @timestamp in the filebeat.

Second,
parsing @timestamp through filter in local-time in logstash.
but, Parsing all @timestamp per log may seem unnecessary.
I think the second would be to use up a lot of resources.

Please help me. How should I index the @timestamp date?

warkolm · July 12, 2020, 11:00pm

Please don't post pictures of text, they are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them

@timestamp is treated as if it is UTC by Elasticsearch. You should use a date filter in Logstash to properly format it.

system · August 9, 2020, 11:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Replacing @timestamp correctly Logstash	9	457	March 13, 2019
@timestamp kibana and log time are differents Elasticsearch	3	5685	May 21, 2019
@timestamp and _index question Logstash	7	701	September 23, 2017
@timestamp Field Different In ElasticSearch from Index Elasticsearch	3	758	February 4, 2020
Problem with @timestamp time in indexes Beats filebeat	22	3028	April 7, 2020

ELK stack - @timestamp issue

Related topics