Filebeat Apache module add timezone due to UTC conversion

TsuWeiQuan · July 3, 2019, 1:05am

Hello,

I realised that with logs like this

[Tue Jul 02 17:40:34.827535 2019] [weblogic:error] [pid 11619:tid 140101724120832] [client 10.10.130.151:50833] <1161915620604214988> Write to the client failed: calling URL::close at line 559 of BaseProxy.cpp, referer: https://xyz.com/cmrs/jsp/Main.jsp

as an apache error log, the timestamp was assumed to be in UTC already. This cause kibana to show the time +8 hours more (+8 here).

I would like to check that if i were to edit the pipeline.json file and adding the
"timezone": "Singapore" would fix the issue?

"date": {
        "field": "apache.error.timestamp",
        "target_field": "@timestamp",
        "formats": ["EEE MMM dd H:m:s yyyy", "EEE MMM dd H:m:s.SSSSSS yyyy"],
        "timezone": "Singapore",
        "ignore_failure": true
      }

TsuWeiQuan · July 3, 2019, 2:21am

I have tested with some fake data. Silly me to post here.
Setting "timezone": "Singapore" fixed the issue.
The apache ingest pipeline now recognize the data in the pipeline to be in Singapore timezone and converts it to UTC when placed into elasticsearch. Kibana then convert UTC back to Singapore timezone for displaying purposes.

system · July 31, 2019, 2:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Changing timezone in pipeline does not show correct in Kibana Beats filebeat	1	660	August 23, 2019
Filebeat 7.3 Timezone Issues with System Module Beats filebeat	6	1007	September 18, 2019
Filebeat TimeZone Issue Beats filebeat	4	2019	August 28, 2019
Apache module bad timestamp from error log file Beats filebeat	2	1118	October 24, 2018
[Still Not Solved!] Filebeat cannot recognize timezone in syslog Beats filebeat	25	5558	August 28, 2019

Filebeat Apache module add timezone due to UTC conversion

Related topics