Filebeat Apache module add timezone due to UTC conversion

Elastic Stack Beats
1

Hello,

I realised that with logs like this

[Tue Jul 02 17:40:34.827535 2019] [weblogic:error] [pid 11619:tid 140101724120832] [client 10.10.130.151:50833] <1161915620604214988> Write to the client failed: calling URL::close at line 559 of BaseProxy.cpp, referer: https://xyz.com/cmrs/jsp/Main.jsp

as an apache error log, the timestamp was assumed to be in UTC already. This cause kibana to show the time +8 hours more (+8 here).

I would like to check that if i were to edit the pipeline.json file and adding the
"timezone": "Singapore" would fix the issue?

"date": {
        "field": "apache.error.timestamp",
        "target_field": "@timestamp",
        "formats": ["EEE MMM dd H:m:s yyyy", "EEE MMM dd H:m:s.SSSSSS yyyy"],
        "timezone": "Singapore",
        "ignore_failure": true
      }
2

I have tested with some fake data. Silly me to post here.
Setting "timezone": "Singapore" fixed the issue.
The apache ingest pipeline now recognize the data in the pipeline to be in Singapore timezone and converts it to UTC when placed into elasticsearch. Kibana then convert UTC back to Singapore timezone for displaying purposes.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.