Modifying the timestamp

Mormaii · July 7, 2016, 11:55pm

I've got a filebeat daemon outputting logs to my redis server. My logstash is getting the input from redis and the timestamps are looking like this: "2016-07-07T23:49:19.882Z". I'm trying to modify it with this logstash filter but can't seem to make it work.

  filter{
      date {
          locale => "en"
          timezone => "America/Argentina/Buenos_Aires"
          match => [ "timestamp", "dd/MM/yyyy:HH:mm:ss" ]
      }
  bla bla bla..
  }

This still gets me the same timestamp and doesn't edit the formatting.

warkolm · July 8, 2016, 12:06am

What outcome are you trying to achieve here?

Mormaii · July 8, 2016, 12:13am

I'm trying to change my timestamp from:

2016-07-08T00:12:19.963Z

To:

08/07/2016:21:12:19

warkolm · July 8, 2016, 12:15am

Ok, the date filter just takes a given format and then tries to turn it into ISO8601 as UTC.
It's not for changing it into a different format.

Mormaii · July 8, 2016, 12:56am

I just tested it and even if the time is incorrect on logstash, kibana displays the time correctly. How is this achieved? Will this time difference be a problem (3 hours) if I want to use curator to delete old elastic entries?

warkolm · July 8, 2016, 1:01am

LS+ES store times in UTC.
KB converts that to the browser timezome.

Curator also assumes UTC.

Topic		Replies	Views
Logstash changing date received from filebeat Logstash	4	544	July 30, 2018
Logstash date filter match timestamp issue Logstash	6	439	August 13, 2020
Logstash date filter changing my time automatically Logstash	2	433	June 19, 2018
Kibana displays wrong time Logstash	4	943	May 14, 2020
Logstash date extraction in logs Logstash	17	3250	April 10, 2019

Modifying the timestamp

Related topics