How to set @timestamp with my timezone?

Elastic Stack Logstash
1

Hi,

Hey guys I woud like to know if it is possible to change the @timezone from logstash to my timezone (Brazil/East).
I need to change the timezone because I am using the -%{+YYYY-MM-dd} to create index with its processing date.
I have already tryed:

 date {
	   add_field => { "timestamp" => "@timestamp" }
       match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
       timezone => "Brazil/East"
       target => "@timestamp"	   
    }

and

ruby {
        code => "event.set('@timestamp','event.get("@timestamp").localtime("-03:00")')"
    }

But it does not work.

I am using Filebeat, Logstash and Kibana version 5.2.2

2

Yah I thought this way a while back, that it was annoying that the indexes rotate at GMT, but then realized all of my queries have date ranges in them and the index timestamp does not matter.

well all the date is stored as an Integer, the TZ and stuff is just meta data. But I think you want to be focusing on the log-stash elasticsearch output as this uses the GMT by default. As that is setting the new "Index" time and it I guess is defaulted as GMT not based on the @timestamp meta info of TZ

https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-index

That link says it uses the Joda Time format which I am guessing if you tweak your output statement it will correct your time rotation.

http://www.joda.org/joda-time/apidocs/org/joda/time/format/DateTimeFormat.html

I never thought about it, but be interested in your results

3

The @timestamp field is by definition UTC. Elasticsearch, Kibana, and other tools assume this and you'll run into various odd behaviors if you mess with this. Please don't.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.