Logstash Date filter timezone

Shubhank_Gupta · August 8, 2018, 9:14am

Hi,

filebeat.yml

Code -

filebeat.inputs:

type: log
paths:
- logs/debug/*
fields:
document_type: debug
cu_hostname_input: dummy
user_tag: shubh_08_aug_debug_testt
sw_version: Unspecified
timeZone: EST
fields_under_root: true
close_inactive: 1m
close_eof: true
exclude_files: [".PerformanceLog_RP.","uncompress.sh"]

This is my code as filter .conf file

date {
match => ["log_timestamp" , "yyyyMMdd HHmmss.SSSSSS"]
target => "@timestamp"
#timezone => "%{[fields][timeZone]}"
#timezone => "%{[field][timeZone]}"
#add_field => { "debug" => "debugTimestampMatched"}
add_field => { "timezone_value" => "%{[fields][timeZone]}"}
}

Now my issue is how to provide timezone value in date filter of timeZone value coming from filebeat.
timeZone value is either "UTC" or "IST" or "EST" only.

add_field => { "timezone_value" => "%{[fields][timeZone]}"}
This syntax gives value as

timezone_value %{[fields][timeZone]}

Thanks,

Shubhank_Gupta · August 8, 2018, 9:23am

I have tried
add_field => { "timezone_value" => %{[fields][timeZone]}}

Same result

Need help

magnusbaeck · August 8, 2018, 12:11pm

Since you have fields_under_root: true the fields don't end up as subfields of fields.

Note that it doesn't appear that the timezone option supports all the timezone names that you have. See the documentation of that option.

system · September 5, 2018, 12:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.