I'm having an issue with the logstash-output-syslog plugin. The syslog message header shows the timestamp in UTC rather than in my local timezone. Can someone explain how to change the time so that it is displayed in the correct timezone, which is +04?
Below is my current Logstash output config:
# Ship every event to a remote syslog receiver, with the payload encoded as JSON.
output {
  syslog {
    # Destination receiver ("server-ip" is the poster's placeholder).
    host     => "server-ip"
    port     => 5000

    # UDP syslog is plaintext, unauthenticated and lossy. Anyone on the path can
    # read or spoof these events, and dropped datagrams leave silent gaps in the
    # record. The plugin also accepts "tcp" and "ssl-tcp" here; the TLS mode is
    # the usual choice when the events cross a network you do not fully control.
    protocol => "udp"

    # Fixed value: every forwarded message carries this severity, whatever level
    # the original event had, so severity-based filtering or alerting on the
    # receiver cannot distinguish events.
    severity => "debug"

    # NOTE(review): the header layout follows the plugin's `rfc` setting, which is
    # not set here. The RFC 3164 header has no timezone field, so a receiver cannot
    # tell which zone the timestamp is in; RFC 5424 timestamps carry an explicit
    # offset. Confirm which format the receiver expects before changing the zone.
    codec    => json
  }
}
Below are my input and filter:
# Accept events from Beats shippers.
input {
  beats {
    # No TLS settings appear in this block, so as shown the listener takes
    # unencrypted, unauthenticated connections: any host that can reach the port
    # can read shipper traffic in transit or submit events of its own.
    # NOTE(review): confirm whether the plugin's ssl_* settings (server
    # certificate, key, client verification) are configured elsewhere; if not,
    # restrict the port to known shippers at the network level.
    port => 5044

    # Seconds of inactivity after which an idle shipper connection is closed.
    client_inactivity_timeout => 1200
  }
}
# Normalise Windows event log events before they are forwarded.
filter {
  if [winlog][api] == "wineventlog" {
    # Keep only the text up to the first newline of "message" and write it back
    # over the field. Everything after the first line of the event description is
    # discarded, so the forwarded copy is not a full record of the event.
    grok {
      match     => { "message" => "(?<message>.*?)\n" }
      overwrite => ["message"]
    }

    # Capitalised copies of selected fields.
    mutate { replace => { "Message"  => "%{message}" } }
    # [host][name] is reported by the shipping agent, not derived from the
    # connection, so treat Hostname as sender-supplied.
    mutate { replace => { "Hostname" => "%{[host][name]}" } }
    mutate { replace => { "Severity" => "%{[log][level]}" } }

    # Copy [@metadata][ip_address] into [host]. This has to stay after the
    # Hostname assignment above, which still reads [host][name].
    # NOTE(review): presumably [@metadata][ip_address] is the shipper address
    # recorded by the beats input; confirm for the plugin version in use.
    mutate { copy => { "[@metadata][ip_address]" => "[host]" } }
  }
}