Hi, I'm running logstash with kafka as input plugin and syslog as output plugin.
For kafka, all the messages are with local timezone/required timezone, but while sending to syslog, logstash is adding a timestamp in front of each message (i.e. in UTC). How can I change those timestamps?
ex:
Aug 13 05:43:41 REDIS-LOG {"kubernetes":{"pod":{"uid":"ac360b5a-2dc5-459f-8c3b-e0eb236d31fc","name":"redis-master-67c9ffcd9f-tvmvb"}},"ecs":{"version":"1.1.0"},"agent":{"hostname":"filebeat-z7z6r","version":"7.5.1","ephemeral_id":"8f1310ba-4512-40f3-9406-0672fb8bd63f","type":"filebeat","id":"21f6b5b4-71d5-4a19-8341-996a66cef946"}
The syslog output unconditionally (in both the if and the else branches) adds a timestamp based on @timestamp, which is normally UTC. If you want the syslog timestamp to be in a different timezone you will have to change the timezone of @timestamp.
Thanks, is there any way to change the timestamp in the config yaml, or do I need to change the base code?
If the config yaml has a parameter to change, please let us know, it would be a great help!!
By filter configuration, you mean filter plugin? If yes, then we can add the filter plugin in yaml, right?
Or can we remove this parameter completely? Anyway, we have a timestamp in the messages, so we don't need this @timestamp parameter.