Logstash Timezone Bug

Nelson_Ferreira_Juni · December 21, 2018, 1:12pm

I'm running logstash 6.5 inside a container (sebp/elk:650), this container is in the UTC timezone.
The host machine is in the America/New_York timezone, this is my Logstash configuration for the timezone:

date {
match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss.SSS" ]
target => "@timestamp"
timezone => "UTC"
add_field => { "debug" => "timestampMatched"}
}

The time is being matched, but what is weird is that the Logstash inside the container is always considering UTC time as the Host machine time (America/New_York), it simply doesn't convert the logs time to UTC.
I was just able to fix it changing the Logstash timezone to match the host:
timezone => "America/New_York"even tried before changing the container timezone to match the host machine (America/New_York), but Logstash inside the container kept considering UTC as America/New_York time.

I know that Logstash should always store logs in UTC timezone, so I would like to have your help on this.

Thanks

Christian_Dahlqvist · December 21, 2018, 1:15pm

The timezone parameter here tells Logstash that the timestamps being parsed are in UTC time. As the filter always parses into UTC, the generated timestamp should be the same as the one passed in.

Nelson_Ferreira_Juni · December 21, 2018, 1:16pm

So is this correct for me seetting it as:
timezone => "America/New_York" (It's working like this)

Christian_Dahlqvist · December 21, 2018, 1:21pm

If the timestamps being parsed are in that timezone that is correct.

Nelson_Ferreira_Juni · December 21, 2018, 1:22pm

Ok, thank you very much Christian!

system · January 18, 2019, 1:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.