Logstash generates indexes based on @timestamp in UTC time. If I want to get documents from
2020-05-08 to 2020-05-09 in my timezone, I need to search indexes logstash-2020-05-07 and
logstash-2020-05-08. If I can change the @timestamp to my timezone directly, I think I can directly search the index logstash-2020.05.08.
Therefore, how can I change the @timestamp timezone to my timezone, or how can I create another field that contains @timestamp in my timezone?
You can create a Kibana scripted field using the Painless language as explained here.
But that field will only be available for querying within Kibana since it is a scripted field. If you want this field to be available in Elasticsearch then you will have to replay/reindex your logs and use the date filter in Logstash to set the timezone.
Hi. Thanks for your feedback.
I won't use Kibana for querying Elasticsearch.
I want to create a field the same as @timestamp that is in my timezone.
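
The index arithmetic from the question, as an added example that is not part of the original thread: it maps a range of local calendar dates to the UTC-named daily indices that hold those events, plus matching UTC bounds for a range filter on @timestamp. The function names, the `logstash-%Y.%m.%d` naming and the fixed UTC+8 offset are assumptions (the thread does not state the timezone), and a fixed offset ignores daylight saving time.

```python
from datetime import date, datetime, time, timedelta, timezone


def _utc_bounds(local_start, local_end, tz):
    """Convert local dates [local_start, local_end) to UTC datetimes."""
    if local_end <= local_start:
        raise ValueError("local_end must be after local_start")
    start = datetime.combine(local_start, time.min, tzinfo=tz)
    end = datetime.combine(local_end, time.min, tzinfo=tz)
    return start.astimezone(timezone.utc), end.astimezone(timezone.utc)


def utc_daily_indices(local_start, local_end, tz,
                      prefix="logstash-", fmt="%Y.%m.%d"):
    """Names of the UTC daily indices covering the local date range.

    local_end is exclusive, so 2020-05-08 .. 2020-05-09 means the single
    local day 2020-05-08.
    """
    start_utc, end_utc = _utc_bounds(local_start, local_end, tz)
    # Step back from the exclusive end to the last instant actually included.
    last_day = (end_utc - timedelta(microseconds=1)).date()
    names = []
    day = start_utc.date()
    while day <= last_day:
        names.append(prefix + day.strftime(fmt))
        day += timedelta(days=1)
    return names


def utc_range_filter(local_start, local_end, tz):
    """Range filter on @timestamp with explicit UTC bounds."""
    start_utc, end_utc = _utc_bounds(local_start, local_end, tz)
    return {"range": {"@timestamp": {"gte": start_utc.isoformat(),
                                     "lt": end_utc.isoformat()}}}


if __name__ == "__main__":
    local_tz = timezone(timedelta(hours=8))  # assumed offset, not from the thread
    day, next_day = date(2020, 5, 8), date(2020, 5, 9)
    print(",".join(utc_daily_indices(day, next_day, local_tz)))
    print(utc_range_filter(day, next_day, local_tz))
```

Querying only the listed indices with the UTC range filter returns exactly the local day's events while @timestamp stays in UTC.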