Hi,
I have Logstash sending data to Found right now and 've specified how Found should parse my date timestamps in the config file as follows:
filter {
date {
locale => "en"
match => [ "timestamp","MMM dd yyyy HH:mm:ss" ]
timezone => "UTC"
}
}
My log lines look like this:
Dec 07 2015 09:52:36 UTC ---------workernode2---------------------- file-descriptors 3316,64,
The problem is when I search for these log lines in Kibana, I see the seconds value is sometimes off by a second. The values for hours and minutes are parsed correctly and translated correctly from UTC to my timezone (India time).
Example 1: Found picks up the incorrect seconds value- should be 36 but we get 37 in timestamp
@timestamp:December 7th 2015, 15:22:37.060 message:Dec 07 2015 09:52:36 UTC ---------workernode2---------------------- file-descriptors 3316,64,
Example 2: Found picks up the correct seconds, hours and minutes value
@timestamp:December 7th 2015, 15:24:06.193 message:Dec 07 2015 09:54:06 UTC --------namenode0----------------------- file-descriptors 13897,63
Am I missing anything and do I need to change my config file ?
Thanks,
Rishi.