How to change time zone from Zulu

elk_2015 · June 18, 2015, 12:56pm

hi,
Below is the source field value in kibana.
_source: “Tue Jun 16 2015 07:00:57 [0x80e00173][network][error] : tid(2559): TCP connection attempt refused from 10.255.215.xxx to 10.255.215.xxx port xxxx” should have @timestamp “2015-06-16T07:00:57.000Z”, rather than “2015-06-16T11:00:57.000Z” (Z stands for Zulu time, aka UTC/GTM). When Kabana display @timestamp, it then converted it to local timezone (local host timezone)…

I still think @timestamp field was not populated correctly w.r.t time zone. I think data time in log is UTC based. So the raw value of @timestamp field should be the same as in log.

How to change time zone from Zulu. Appreciate the quick response.

warkolm · June 18, 2015, 10:18pm

I assume you are using Logstash?
Are you overwriting @timestamp with the value from the log?

elk_2015 · June 19, 2015, 11:33am

hi,
Yes, I am using logstash. yes, I am overwriting the value from the log as I need kibana to display the log time, but not current local time. Can you please provide input here. Below is the code i use.
date{ match => [ "Log_timestamp" , "E MMM dd yyyy HH:mm:ss"]
target => "@timestamp"
"locale" => "en" }

elk_2015 · June 22, 2015, 11:49am

Hi,
Any response to the query is greatly appreciated.
~ELK User

magnusbaeck · June 22, 2015, 1:43pm

If you want the date filter to consider parsed timestamps to be UTC rather than the system's local timezone, set the timezone parameter to "UTC".