Is auto-generated @timestamp field will always be in UTC timezone?

patilsharanu · September 10, 2020, 7:47am

Query: @timestamp field is auto-generated and its in UTC timezone. Will is it always be in UTC or will it change in future releases?

[Input source](input.txt):
1524206424.034   19395 207.96.0.0 TCP_MISS/306 15363 GET http://elastic.co/android-chrome-192x192.gif - DIRECT/10.0.5.120 -
1524206424.145     106 207.96.0.0 TCP_HIT/202 68247 GET http://elastic.co/guide/en/logstash/current/images/logstash.gif - NONE/- image/gif

[logstash.conf]:
input {
  file {
    path => "/var/input_logs/*"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
filter {
  dissect {
    mapping => {
      "message" => "%{timestamp->} %{duration} %{client_address} %{cache_result}/%{status_code} %{bytes} %{request_method} %{url} %{user} %{hierarchy_code}/%{server} %{content_type}"
    }
    remove_field => ["message"]
  }
}
output {
  elasticsearch {
     hosts => ["localhost:9200"]
     index => "deviceevent-%{+YYYY.MM.dd}"
     manage_template => false
  }
  stdout { codec => rubydebug }
}


Event generated in IST time zone @ [2020-09-10T11:11:56,898]
[output]:
{
	"status_code" => "306",
	"request_method" => "GET",
	"path" => "/var/input_logs/inputdoc.txt",
	"@timestamp" => 2020-09-10T05:41:57.254Z,
	"url" => "http://elastic.co/android-chrome-192x192.gif",
	"server" => "10.0.5.120",
	"host" => "docker-desktop",
	"timestamp" => "1524206424.034",
	"client_address" => "207.96.0.0",
	"duration" => "19395",
	"user" => "-",
	"bytes" => "15363",
	"cache_result" => "TCP_MISS",
	"hierarchy_code" => "DIRECT",
	"@version" => "1",
	"content_type" => "-\r"
}

Badger · September 10, 2020, 3:10pm

@timestamp is always in UTC. I cannot imagine that will change in the future.

system · October 8, 2020, 3:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.