Hi,
we are sending events via logstash-output-syslog plugin to a syslog server. The timestamp of the messages at the syslog server are with timezone UTC. Is it possible to change the timestamp only for these events to different timezone than UTC?
I was thinking about switching to logstash-output-pipe and pipe the events into local "logger" command, but I guess this is ugly.
Thanks in advance
Matthias
logstash always stores timestamps as UTC. The syslog output does not include a timezone on rfc3164 format messages, so if you are using a date filter to parse the timestamp you could tell it the wrong timezone to get the timestamp moved to a different one.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.