Hi,
In our logs, we have our date time as below and trying to set the same to timestamp field in logstash. It's giving correct UTC time for AM timings but not converting to right UTC time for PM timings.
Logs : the below data is mapped as Date, Time, half-day using grok filter.
//
03/11/20 09:36:58 AM
03/11/20 09:36:58 PM
03/11/20 02:08:31 PM
//
Our logstash config has :
//
If [halfday] =~ /[AP]M/ {
mutate { add_field ==> [ "ts" , "%{date} %{time} %{halfday}" ] }
} else {
mutate { add_field ==> ["ts" , "%{date} %{time}" ] }
}
If [ts] =~ /date/ {
drop { }
}
date {
match => [ "ts" , "MM/dd/yy HH:mm:ss a" ]
target => "@timestamp"
}
//
For ex : for NY time --> 08:45:42 PM and 08:45:42 AM, timestamp shows as "13:45:42.000Z" for both.
So, for PM time, timestamp is not converting to the right UTC time.
Any help in this is usefull. Thanks in advance.
Regards, Vinutha