Ingest Pipeline - Date Processor Timezone

tmslara.a · April 5, 2023, 7:40pm

Hello,

I'm trying to configure an ingest pipeline using Kibana. I'm ingesting data into Elasticsearch using filebeat and this pipeline. Among other fields, I'm ingesting the document's timestamp. To "parse" the date from the input into Elasticsearch I'm using the Date processor. I want to specify that the timestamp that I'm ingesting is not in UTC but in my server's local timezone.

How can I configure the processor to use my local timezone?

Best regards,

leandrojmp · April 5, 2023, 8:10pm

You need to use the timezone option as described in the documentation.

tmslara.a · April 5, 2023, 8:32pm

Thank you for your answer. I understand that I have to configure the timezone option. However, I'm not sure of the option that I should specify to set the timezone to 'local' or 'browser'

leandrojmp · April 5, 2023, 9:31pm

The timezone in the date processor should be set to the timezone of your log that is using your server local timezone as you said.

So you need to get the name of the timezone that your server is and put this in the timezone option in the date processor.

For example, if the timestamp in the logs messages are in the New York timezone, you would use America/New_York in the date processor.

tmslara.a · April 5, 2023, 9:57pm

Thanks.

I set my timezone manually and it worked. I wanted to know if this timezone could be automatically set based on my server. As far as I understand (from your answert) it is not possible.

However, this is the solution. Thanks again.

stephenb · April 5, 2023, 10:37pm

What are you using to ship the logs to elasticsearch?

Filebeat or Elastic Agent should do this for you assuming your server has the correct timezone

tmslara.a · April 6, 2023, 1:53pm

I'm using filebeat

stephenb · April 6, 2023, 3:48pm

So check the timezone of the server.... filebeat uses the timezone of the server when it ships logs, it does convert that to UTC

so you can test this by setting adding the locale

processors:
  - add_locale: ~

And then run and look at the output and check to see if it is accurate

example

{"@timestamp":"2023-04-06T15:46:19.877Z","@metadata":{"beat":"filebeat","type":"_doc","version":"8.6.2"},"event":{"timezone":"-07:00"} ....

system · May 4, 2023, 3:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timezone in Ingest Pipeline Kibana ingest-pipeline	3	766	March 28, 2023
Filebeat TimeZone Issue Beats filebeat	4	2019	August 28, 2019
_ingest.timestamp does not match my local time Elasticsearch ingest-pipeline	4	393	December 5, 2023
Changing timezone in pipeline does not show correct in Kibana Beats filebeat	1	660	August 23, 2019
Ingest Pipeline data processor adds hours Elasticsearch	3	1673	February 13, 2020

Ingest Pipeline - Date Processor Timezone

Related topics