This is my output snippet.
output {
elasticsearch {
hosts => "localhost"
index => "logstash-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
On my index, I got the index of the next day. So i don have 2 index in the same day.
As what i've read the some other post, it is because of the UTC standard of the logstash.
Is there a way to adjust the timezone of the output index. For ex. timezone => MNL/PHL
You could create another field with the date in your local timezone and reference that field in the index option.
Why does this even matter?
You could create another field with the date in your local timezone and reference that field in the index option.
For example I have a field in my data which is @timestamp, therefore can I use this field?
output {
elasticsearch {
hosts => "localhost"
index => "logstash-%{@timestamp}"
}
stdout {
codec => rubydebug
}
}
Why does this even matter?
For me to check if there's data stored in my server in the specific date. Or I can check today if there's data today.
For example I have a field in my data which is @timestamp, therefore can I use this field?
No, @timestamp is UTC so you can't use it without converting its value into a date string in the local timezone. That could be done with a ruby filter. I don't have details handy so you'll have to do some digging.
For me to check if there's data stored in my server in the specific date. Or I can check today if there's data today.
Just include the desired date range in your ES query instead.
Noted @magnusbaeck. Thank you very much! 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.