Logstash not applying correct system time to ingestion timestamp

Hello, I live in the NA East timezone, so currently we are 4 hours behind UTC.
I understand that Logstash puts the @timestamp in UTC, but it is putting in the wrong time.
Logstash parsed a log at 10:30 am in my timezone (which is 2:30 pm UTC):

"@timestamp" => 2023-06-13T10:29:59.000Z,

But as you can see, it says it is 10:30 am UTC, which is not correct as it is 4 hours behind.

When I put the date command into the server to see the time it shows:

Tue Jun 13 02:30:31 PM UTC 2023

How are you creating the [@timestamp] field?

It is automatically created by Logstash itself.
This is the conf file that is being run:

input {
    syslog {
        port => 5014
    }
}
filter {
}

output {
    elasticsearch {
        hosts => ["localhost:9200"]
        user => "elastic"
        password => "changeme" 
        index => ["syslog"]
    } 
    stdout { 
        codec => rubydebug 
    }
}

After doing more research and finding this: Logstash Syslog @timestamp incorrect - #7 by BenB196

I fixed the issue by adding the timezone to my syslog input:

input {
    syslog {
        port => 5014
        timezone => "America/New_York"
    }
}
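Added example, not part of the thread and not Logstash code: a check that catches this misconfiguration in stored events by comparing each `@timestamp` with the time the event was received. A gap close to a whole number of quarter-hours points at a zone-less syslog timestamp being read in the wrong timezone. The `received` value, the host names, the 2-minute tolerance and the sample events are assumptions constructed for illustration; the first sample uses the two times quoted in the question.

```python
from datetime import datetime, timedelta, timezone

QUARTER = timedelta(minutes=15)   # real-world UTC offsets are multiples of 15 minutes
TOLERANCE = timedelta(minutes=2)  # assumed allowance for transport delay and clock drift


def parse_utc(ts):
    """Parse an ISO-8601 UTC timestamp such as 2023-06-13T10:29:59.000Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def timezone_skew(event_ts, received_ts):
    """Return the suspected source UTC offset, or None if the gap is not zone-shaped.

    A local wall-clock time read as UTC differs from the true UTC time by
    exactly the source's UTC offset, so the gap itself is the offset.
    """
    gap = parse_utc(event_ts) - parse_utc(received_ts)
    steps = round(gap / QUARTER)                 # nearest quarter-hour multiple
    residual = abs(gap - steps * QUARTER)
    if steps == 0 or residual > TOLERANCE:
        return None                              # in sync, or ordinary clock drift
    return steps * QUARTER


def corrected(event_ts, offset):
    """Re-read the event time as local time at `offset` and convert it to UTC."""
    return parse_utc(event_ts) - offset


def scan(events):
    """Map each host with a zone-shaped gap to its suspected UTC offset."""
    flagged = {}
    for host, event_ts, received_ts in events:
        offset = timezone_skew(event_ts, received_ts)
        if offset is not None:
            flagged[host] = offset
    return flagged


# Constructed sample events: (host, @timestamp, received time)
SAMPLES = [
    ("host-a", "2023-06-13T10:29:59.000Z", "2023-06-13T14:30:31.000Z"),  # values from the question
    ("host-b", "2023-06-13T14:30:05.000Z", "2023-06-13T14:30:06.000Z"),  # in sync
    ("host-c", "2023-06-13T14:23:00.000Z", "2023-06-13T14:30:00.000Z"),  # 7 min drift, not a zone
]

if __name__ == "__main__":
    for host, offset in scan(SAMPLES).items():
        print(host, "suspected source UTC offset:", offset)
```

Hosts flagged this way are candidates for a `timezone` setting on the syslog input, as in the fix above; events already indexed keep the shifted time and need the offset applied when building a timeline.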
