Logstash-output-syslog incorrect time

bambam · June 21, 2021, 2:57pm

I'm having an issue with using the logstash-output-syslog plugin. The syslog message header is showing a timestamp for UTC and not the timezone for where I'm located. Can someone provide some input on how to change the time so it's displayed in the correct timezone which is +04.

Below is my current logstash-output config

output {
syslog {
host => "server-ip"
severity => "debug"
protocol => "udp"
port => 5000
codec => json
}
}

Below is my input

input {
beats {
port => 5044
client_inactivity_timeout => 1200
}
}

filter {

if [winlog][api] == "wineventlog" {

grok { 
	match => { "message" => "(?<message>.*?)\n" }
	overwrite => ["message"] }	

    mutate { replace => [ "Message", "%{message}" ] }
    mutate { replace => [ "Hostname", "%{[host][name]}" ] }
    mutate { replace => [ "Severity", "%{[log][level]}" ] }
mutate { copy => [ "[@metadata][ip_address]", "[host]" ] }

}

}

system · July 19, 2021, 2:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash-output-syslog plugin with different timezone Logstash	2	486	May 3, 2022
Logstash Syslog @timestamp incorrect Logstash	9	1926	March 5, 2019
Logstash not applying correct system time to ingestion timestamp Logstash	4	373	July 12, 2023
Different Timezones in syslog for some hosts Logstash	1	242	June 23, 2022
@timestamp value for syslog input not in UTC Logstash	2	114	April 3, 2024

Logstash-output-syslog incorrect time

Related Topics