Logstash output plugin index time zone problems

maghibus · November 22, 2018, 4:37pm

Hi,

Take for example a log file with the following content:

2018-11-15 00:58:15,417 INFO  [org.alfresco.solr.component.AsyncBuildSuggestComponent] Building suggester index for: shingleBasedSuggestions
2018-11-15 01:58:15,417 INFO  [org.alfresco.solr.component.AsyncBuildSuggestComponent] Building suggester index for: shingleBasedSuggestions

My time zone is Europe/Rome (CET) and this is my Logstash configuration:

filter plugin:

 filter {
   grok {
     match => { "message" => "\A%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:severity}%{SPACE}*%{SYSLOG5424SD}" }
   }
   if "_grokparsefailure" in [tags] { drop {} }
   date { 
     match => ["timestamp", "yyyy-MM-dd HH:mm:ss,SSS"] remove_field => ["timestamp"] }
   }
}

output plugin:

elasticsearch {
   hosts => ["localhost"]
   manage_template => false
   index => "solr-%{+YYYY.MM.dd}"
}

Logstash creates two indecis:

solr-2018.11.14

2018-11-15 00:58:15,417 INFO [org.alfresco.solr.component.AsyncBuildSuggestComponent] Building suggester index for: shingleBasedSuggestions

solr-2018.11.15

2018-11-15 01:58:15,417 INFO [org.alfresco.solr.component.AsyncBuildSuggestComponent] Building suggester index for: shingleBasedSuggestions

How can I avoid that scenario?
What is the best scenario?

Thaks

system · December 20, 2018, 4:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Log data entered wrong index Logstash	3	464	October 15, 2018
[ELK]logstash default timezone cause index splitting problem in different timezones Logstash	15	6418	July 6, 2017
Logstash output elasticsearch a day index but curent day index contain two days data (curent day and next day_) Beats filebeat	6	599	May 25, 2017
Logstash => ES, Timezone and IndexName Logstash	4	2709	August 22, 2017
Logstash creates index which is 2 dates ahead Logstash	7	1138	July 3, 2017

Logstash output plugin index time zone problems

Related topics