Hi !
I am using filebeat to send logs to elasticsearch thru logstash. Inside logstash I am using grok to match the pattern where I extract date string.
grok { match => {"message" => ["%{GREEDYDATA:log_time} \[%*****(other things...)
Then I have to map it to date:
date{ match => [ "log_time", "YYYY-MM-dd HH:mm:ss.SSSS" ] target => "log_time" }
But it is changing my date for example from
2018-03-29 03:00:51.0388 to March 29th 2018, 04:00:51.038
Adding 1 hour. What is responsible for that ?
The date filter converts the parsed timestamp to UTC. Kibana by default adjusts UTC timestamps to the brower's timezone.
Yes, just found that, but in my opinion it is not right. Usually logs are saved to files with date and due to that convertion I have document in elastic that log's date time is not existing in the file.
Anyway thanks for surprisingly quick answer.
Usually logs are saved to files with date and due to that convertion I have document in elastic that log's date time is not existing in the file.
Why does the timestamp format and timezone matter? The important thing is that it represents the same point in time as in the original log.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.