Logstash datetime timezone


(Anuar Mukatov) #1

Hello!
How can I change the datetime timezone?
Whatever else I try, nothing helps.

input {
  jdbc {
    jdbc_driver_library => "/etc/logstash/drivers/sqljdbc42.jar"
    jdbc_driver_class => "com.microsoft.sqlserver.jdbc.SQLServerDriver"
    jdbc_connection_string => "jdbc:sqlserver://server:1433;databasename=db"
    jdbc_user => "login"
    jdbc_password => "pass"
    statement => "SELECT m.*
      , mc.nameRu AS CategoryNameRu
      , mt.nameRu AS TypeNameRu
      , ms.nameRu AS SourceNameRu
      , p.Fio_Ru
      , s.RowName AS LoginName
      , pos.FullNameRu AS PositionNameRu
      FROM LOG_Messages m
      JOIN DIC_LOG_MESSAGE_SOURCE_TO_TYPE mst ON mst.id = m.refMessageSourceType
      JOIN DIC_LOG_MESSAGE_CATEGORY mc ON mc.id = mst.refMessageCategory
      JOIN DIC_LOG_MESSAGE_TYPE mt ON mt.id = mst.refMessageType
      JOIN DIC_LOG_MESSAGE_SOURCE ms ON ms.id = mst.refMessageSource
      LEFT JOIN ULS_Persons p ON p.id = m.refRecordCard
      LEFT JOIN LOG_SidIdentification s ON s.id = m.refSid
      LEFT JOIN ULS_SubdivisionPositions pos ON pos.id = m.refPosition
      ORDER BY id DESC"
  }
}
filter {
  mutate {
    add_field => { "message" => "%{typenameru}" }
  }
  date {
    match => [ "datetime", "YYYY-MM-dd HH:mm:ss.SSS" ]
    timezone => "Etc/GMT-6"
  }
}
output {
  gelf {
    host => "0.0.0.0"
    port => 12231
    short_message => 'short_message'
  }
  stdout { codec => rubydebug }
}

This is my debug output:

{
    "sourcenameru" => "Задачи",
    "loginname" => "OrderPointStatement",
    "refrvsproperties" => nil,
    "refmessagesourcetype" => 542,
    "message" => "Действие",
    "positionnameru" => nil,
    "content" => "Start ParagraphExecutor.Execute",
    "datetime" => 2018-02-01T09:00:00.463Z,
    "@timestamp" => 2018-02-01T15:00:00.463Z,
    "refposition" => nil,
    "clientipaddress" => "",
    "refrecordcard" => nil,
    "@version" => "1",
    "id" => 14232235,
    "refarchive" => 50,
    "refsid" => 3726,
    "categorynameru" => "Информация",
    "typenameru" => "Действие",
    "fio_ru" => nil
}

(Magnus Bäck) #2

The date filter always produces a UTC timestamp. This is not configurable. You could however use a ruby filter to get whatever timezone you want, and examples of that have been posted in the past. I just don't understand why people bother.
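
An added example (not posted by anyone in this thread) that models the two operations discussed above in plain Ruby: reading a zone-less wall-clock string as local time in a zone and getting the UTC instant, and rendering a UTC instant as a local string the way a ruby filter could. The function names are hypothetical, only fixed `Etc/GMT±N` zones are handled, and the inputs are constructed from the values in the debug output.

```ruby
require 'time'

# Etc/GMT names use the POSIX sign convention: "Etc/GMT-6" means UTC+06:00.
def etc_gmt_to_offset(zone)
  m = %r{\AEtc/GMT([+-])(\d{1,2})\z}.match(zone)
  raise ArgumentError, "not an Etc/GMT zone: #{zone}" unless m
  hours = m[2].to_i
  sign = m[1] == '-' ? '+' : '-'   # sign is inverted on purpose
  sign = '+' if hours.zero?
  limit = sign == '+' ? 14 : 12    # tz database range: Etc/GMT-14 .. Etc/GMT+12
  raise ArgumentError, "out of range: #{zone}" if hours > limit
  format('%s%02d:00', sign, hours)
end

WALL_CLOCK = /\A(\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2})\.(\d{3})\z/

# Models a `timezone` setting: the string carries no zone, so it is read as
# local time in `zone`; the stored result is the matching UTC instant.
def local_to_utc(wall_clock, zone)
  m = WALL_CLOCK.match(wall_clock)
  raise ArgumentError, "unparseable: #{wall_clock}" unless m
  y, mo, d, h, mi, s, ms = m.captures.map(&:to_i)
  Time.new(y, mo, d, h, mi, s + Rational(ms, 1000), etc_gmt_to_offset(zone)).getutc
end

# Models the ruby-filter approach: keep the UTC instant untouched and write a
# separate display string that states its offset explicitly.
def utc_to_local_string(utc_time, zone)
  utc_time.getlocal(etc_gmt_to_offset(zone)).strftime('%Y-%m-%d %H:%M:%S.%L %:z')
end

if __FILE__ == $PROGRAM_NAME
  wall = '2018-02-01 09:00:00.463' # constructed sample input
  %w[Etc/GMT-6 Etc/GMT+6].each do |zone|
    puts "#{wall} read as #{zone} -> #{local_to_utc(wall, zone).iso8601(3)}"
  end
  utc = Time.utc(2018, 2, 1, 9, 0, Rational(463, 1000))
  puts "#{utc.iso8601(3)} shown in Etc/GMT-6 -> #{utc_to_local_string(utc, 'Etc/GMT-6')}"
end
```

Keeping the stored instant in UTC and adding the local rendering as a separate field keeps events from different sources comparable on one timeline.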


(Eric Ohtake) #3

Agreed!!
You are already getting help here: "Datetime from sql to Timestamp logstash"

Why open a new thread? And read the docs, you asked questions that are answered there.

