Index creation at 00:00 GMT+2

nkoleff · January 14, 2016, 7:23am

Hello

I've write a custom script that is monitoring my logstashes (3 machines at the moment) - each minute I am writing to my daily index an OK message. If my script detects that there are less than 9 entries for the last 10 minutes - it sends an email and automatically staarts logstash. So far, so good.

I noticed that i receive a bunch of emails from 00:00 to 02:00 GMT+2 (or in other words - from 22:00 - 00:00 UTC) that are saying there are no OK entries in the index. One of my team members noticed also that at 00:00 GMT+2 we don't have an index created, instead we got one at 02:00. GMT+2.

I am wondering is there a way to tell logstash to create the index not in UTC 00:00 but in GMT+2 00:00?

magnusbaeck · January 14, 2016, 8:52am

Not out of the box, no. Other tools rely on timeseries indexes to be UTC-based so it's easier to adapt your script to deal with that reality. Even if they're in local time you still have to deal with the fact that you have to query two indexes when running the query five minutes after the index has rolled over.

IIRC more recent versions of ES can quickly determine that an index doesn't contain any documents in a specific time range, so the impact of querying a very wide number of indexes is small.

Topic		Replies	Views
Automatic create index at 12 AM IST Logstash	3	373	June 12, 2018
Logstash timezone while creating index Logstash	2	652	February 16, 2020
How to adjust daily index creation date to be 12AM instead of 8AM? Elasticsearch	8	2926	July 5, 2017
Index creates in different timezone other than UTC? Elasticsearch	11	9412	October 18, 2018
How can I create 12h based index in logstash Logstash	3	558	October 22, 2017

Index creation at 00:00 GMT+2

Related Topics