Es index segmentation question

Hey, I have a question. I am in UTC+8, and I use filebeat to collect logs from k8s, then send them to es. But the default index segmentation is decided by UTC, not UTC+8. So I will find logs of 2021.9.1 (UTC+8) in filebeat-2021.08.31 16:00 to filebeat-2021.09.01 15:59 (shown in figure 1). I expect to find my logs in filebeat-2021.09.01 00:00 to filebeat-2021.09.01 23:59. I want to know how to configure filebeat to achieve it.
figure 1:
image
Nevertheless, I found the code in the source:
image
Is this right?

Welcome to our community! :smiley:
(PS - please don't post pictures of text or code. They are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them :slight_smile: )

You cannot do this as the Stack works entirely in UTC.

It is not possible, Elasticsearch uses UTC to store dates and you can't change that.

If your dates have timezone information, Kibana will convert them without any problem, and when you filter from 2021.09.01 00:00 to 2021.09.01 23:59 it will show the data in this interval regardless of the index they are in.
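The mapping discussed above, as an added example that is not part of the original thread: given a local calendar day and a UTC offset, it returns the daily UTC-named indices that hold that day's events and a UTC range query that selects exactly that day. The `filebeat-YYYY.MM.DD` naming is taken from the question; the function names and the `@timestamp` field are assumptions.

```python
from datetime import date, datetime, time, timedelta, timezone


def utc_indices_for_local_day(local_day, utc_offset_hours, prefix="filebeat-"):
    """Return (index_names, utc_start, utc_end) covering one local calendar day.

    Index names follow the daily UTC naming shown in the question
    (filebeat-YYYY.MM.DD); the prefix is an assumption and may differ per setup.
    utc_end is exclusive.
    """
    tz = timezone(timedelta(hours=utc_offset_hours))
    local_start = datetime.combine(local_day, time.min, tzinfo=tz)
    local_end = local_start + timedelta(days=1)
    utc_start = local_start.astimezone(timezone.utc)
    utc_end = local_end.astimezone(timezone.utc)

    # Walk every UTC calendar day touched by [utc_start, utc_end).
    # Subtracting one microsecond keeps an exclusive end that falls exactly
    # on UTC midnight from pulling in an extra, unneeded index.
    last_instant = utc_end - timedelta(microseconds=1)
    names = []
    day = utc_start.date()
    while day <= last_instant.date():
        names.append(f"{prefix}{day:%Y.%m.%d}")
        day += timedelta(days=1)
    return names, utc_start, utc_end


def range_query(utc_start, utc_end, field="@timestamp"):
    """Build an Elasticsearch range query body for the UTC window."""
    return {"query": {"range": {field: {
        "gte": utc_start.isoformat(), "lt": utc_end.isoformat()}}}}


if __name__ == "__main__":
    # The case from the question: 2021-09-01 as seen from UTC+8.
    names, start, end = utc_indices_for_local_day(date(2021, 9, 1), 8)
    print(names)
    print(range_query(start, end))
```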

Thanks. I have a question. Could I change a formatter like DateFormatter to transform the string pattern from UTC to UTC+8? For example, the actual UTC time is 2021-09-12,00:00, but through the formatter, the index string is started with 2021-09-11.

I'm sorry, I didn't understand your last question.

You mean change the filebeat code and build it from source to have the index named based on your local time and not UTC?

You will need to test it out, but as Warkolm said, the stack works entirely with UTC, I would not recommend changing anything like that.

Thank you.
