Index create late date

(ssh) #1

Hi there

Could someone figure this out?

Let me describe my scenario first.

I stream app logs using the tcp input, then use a grok filter, and after that ship to an Amazon Elasticsearch domain.

I actually stream two app logs.
E.g., app1 comes from TCP port 5509, app2 comes from TCP port 5508.

It worked really well and reliably for 3 months.
But now I found that the app2 log is not coming in anymore these days.
When I checked, I found the index doc date is one day late. Please see the yellow box in the pic.

Why is the index one day late? My output filter is like this:

output {
  amazon_es {
    hosts => ["host1234"]
    region => "ap-southeast-1"
    aws_access_key_id => "id1234"
    aws_secret_access_key => "key1234"
    flush_size => 50000
    idle_flush_time => 10
    index => "logstash-%{+YYYY.MM.dd}"
  }
}

Has anybody experienced this?
I would appreciate it if someone could point it out to me.

(Magnus Bäck) #2

The index name is based on the UTC timestamp stored in @timestamp. Kibana by default adjusts @timestamp to the browser's timezone. You can see the raw @timestamp value in the JSON tab.
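An added example, not part of the original posts or of Logstash's own code: it reproduces how a `logstash-%{+YYYY.MM.dd}` index name is derived from the UTC `@timestamp`, what a viewer in another timezone sees, and which daily indices cover one local calendar day when reviewing logs. The UTC+8 viewer timezone and the sample timestamps are constructed assumptions.

```python
from datetime import date, datetime, timedelta, timezone

# strftime equivalent of the index setting logstash-%{+YYYY.MM.dd}
INDEX_PATTERN = "logstash-%Y.%m.%d"
# Assumption: the person reading the logs sits at UTC+8.
VIEWER_TZ = timezone(timedelta(hours=8))


def parse_timestamp(raw):
    """Parse a raw @timestamp string (UTC, 'Z' suffix) into an aware datetime."""
    return datetime.strptime(raw, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def index_for(raw):
    """Daily index an event is written to: always taken from the UTC date."""
    return parse_timestamp(raw).strftime(INDEX_PATTERN)


def explain(raw, tz=VIEWER_TZ):
    """Compare the index date with the time shown after timezone adjustment."""
    utc = parse_timestamp(raw)
    local = utc.astimezone(tz)
    return {
        "index": utc.strftime(INDEX_PATTERN),
        "displayed": local.strftime("%Y-%m-%d %H:%M:%S"),
        # +1 means the displayed date is one day ahead of the index date.
        "day_shift": (local.date() - utc.date()).days,
    }


def indices_for_local_day(day, tz=VIEWER_TZ):
    """Daily indices that must be searched to cover one local calendar day."""
    start = datetime(day.year, day.month, day.day, tzinfo=tz)
    end = start + timedelta(days=1) - timedelta(microseconds=1)
    names = {t.astimezone(timezone.utc).strftime(INDEX_PATTERN) for t in (start, end)}
    return sorted(names)


if __name__ == "__main__":
    # Constructed sample events (raw @timestamp values as seen in the JSON tab).
    for ts in ("2017-03-14T23:30:00.000Z", "2017-03-15T02:00:00.000Z"):
        print(ts, explain(ts))
    print(indices_for_local_day(date(2017, 3, 15)))
```

For any viewer timezone with a non-zero offset, a local day spans two UTC-dated indices, so a search or retention job scoped to a single daily index misses part of that day.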
