Hi,
I have this configuration in logstash.conf, however the alerts continue to arrive in UTC
filter {
if "his-vm" in [tags] {
# Agregar campos debug_alert_id y formatted_timestamp
mutate {
add_field => { "debug_alert_id" => "%{[alert_id]}" }
add_field => { "formatted_timestamp" => "%{@timestamp}" }
}
# Ajustar la zona horaria de formatted_timestamp
date {
match => [ "formatted_timestamp", "ISO8601" ]
timezone => "America/Asuncion"
target => "formatted_timestamp"
}
}
}
Help please!
The output of a date filter is always UTC. The timezone option to a date filter tells the filter what timezone the input is in. But if the input field looks like "2024-08-23T14:38:10.928Z" then that Z at the end means the string is in UTC so the timezone option is ignored.
Depending on what you want to achieve it may be helpful to remove the Z before calling the date filter. In other use cases you may need to use ruby.
Thanks! It works
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.