Logstash Timezone Bug

Elastic Stack Logstash
1

I'm running logstash 6.5 inside a container (sebp/elk:650), this container is in the UTC timezone.
The host machine is in the America/New_York timezone, this is my Logstash configuration for the timezone:

date {
match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss.SSS" ]
target => "@timestamp"
timezone => "UTC"
add_field => { "debug" => "timestampMatched"}
}

The time is being matched, but what is weird is that the Logstash inside the container is always considering UTC time as the Host machine time (America/New_York), it simply doesn't convert the logs time to UTC.
I was just able to fix it changing the Logstash timezone to match the host:
timezone => "America/New_York"even tried before changing the container timezone to match the host machine (America/New_York), but Logstash inside the container kept considering UTC as America/New_York time.

I know that Logstash should always store logs in UTC timezone, so I would like to have your help on this.

Thanks

2

The timezone parameter here tells Logstash that the timestamps being parsed are in UTC time. As the filter always parses into UTC, the generated timestamp should be the same as the one passed in.

1 Like
3

So is this correct for me seetting it as:
timezone => "America/New_York" (It's working like this)

4

If the timestamps being parsed are in that timezone that is correct.

1 Like
5

Ok, thank you very much Christian!

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.