Hello there,
I am working with some IIS logs, but they are exporting the date as UTC only. Is there a way to logstash that so that it takes UTC time and converts that to the local server time? I know there is an @timestamp that displays the time the event was processed, but if for some reason LogStash hangs and needs to be restarted or there is latency, that time for the log will be off.
The log displays the date field like this:
March 19th 2018, 15:53:27.341
Thank you much
Normally one uses the date filter to parse a timestamp string and store it in UTC in ISO8601 format in the @timestamp field. If you insist on storing it in local time (which I don't recommend; UTC is a good thing and conversion to local time should be done by presentation layers) you need to write some Ruby code in a ruby filter. Examples have been posted in the past.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.