Hi all,
I am using the following filter to extract only the time from the @timestamp field.
ruby {
code => "event.set('[datetime][time]',event.get('@timestamp').time.strftime('%H:%M:%S'))"
}
Which works exept for the fact that there is an hour difference as shown in the below picture.
The local time of the logstash server matches the @timestamp field. Not sure why I am getting this result and how to correct it.
Any help will be appreciated.
Thanks
Hi,
In logsatsh, @timestamp timezone is UTC and the storage of this timestamp in elasticsearch is also in UTC.
But in Kibana, by default, all the date types value are converted to the browser's timezone (see in stack managment) this is why your timestamp value is correct but not the nested file.
So i recommend you to use the date filter in logstash to change the type of your value from string to date.
Cad.
Hi @Cad , thanks for your reply. I tried converting the datetime.time field into date type and now time is right but kibana tries to display it as a full date relative to 1970.
You can edit that in the kibana settings:
Stack Management > Index Pattern > [your index pattern] > search datetime.time > edit (with the pen on the right) > in "Format" select "Date" > edit "Moment.js format pattern" to only have HH:mm:ss
And save field
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
