Timestamp field with local timezone!

alexwbai · December 10, 2018, 7:54pm

Sorry I know these timezone questions have been beaten to death but I'm really having trouble finding the solution to this problem:

This is what I want to do:

Take existing epoch time integer field (eg. 1544471514) and turn it into a timestamp in my LOCAL timezone.
I would like to use a TIMEZONE (eg. America/New_York), not just hardcode an integer offset (eg. localtime('+01:00') because I need to automatically adhere to daylight savings time changes etc.
This has nothing to do with the default @timestamp field and I know that date {} filter converts to UTC so I am not using that.

I've read I can use a ruby filter to do this but just need a push in the right direction.

Thanks!
AlexW

admlko · December 11, 2018, 10:19am

Yeah, I think you have to use ruby filter in order to accomplish what you want.

If I have understood correctly, you need to use 'tzinfo' rubygem in order to handle timezones the way you want to.

So, here's something to push you in the right direction.

  ruby {
    init => "['date', 'tzinfo'].each(&method(:require))"
    code => "
      tz = TZInfo::Timezone.get('Europe/Helsinki')
      local = tz.utc_to_local(Time.at(event.get('epoch_time_integer_field')))
      event.set('localtime', local.to_s)
      event.set('timezone', tz.to_s)
    "
  }

This is completely untested and my ruby skills are close to zero, but it should be enough to give you an idea how to achive your goal. I also have no idea in which format you would like to save the local time etc etc.

Please note, that you need to deliver tzinfo gem to Logstash by yourself.

alexwbai · December 14, 2018, 8:54pm

Awesome thanks so much admlko. I'm going to try to test out this code; it's amazing to me this is such a process.

Any tips on installing the tzinfo gem?

Thanks

alexwbai · December 17, 2018, 6:04pm

This did the trick. (I dissected the new date time at the end).

filter {
date {
match => ["epochts", "UNIX"]
target => "timetarget"
}

ruby {
init => "['date', 'tzinfo'].each(&method(:require))"
code => "
tz = TZInfo::Timezone.get('US/Eastern')
local = tz.utc_to_local(Time.at(event.get('epochts')))
event.set('localtime', local.to_s)
event.set('timezone', tz.to_s)
"
}

dissect {
mapping => {
"localtime" => "%{year}-%{month}-%{day} %{hour}:%{minute}:%{second} UTC"
}
}

}

system · January 14, 2019, 6:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need to add timezone field to my output Logstash	2	1194	July 6, 2017
Converting timezones in Logstash - HOWTO Logstash	3	1524	June 18, 2023
Date Custom Field Timezone Logstash	7	4451	December 20, 2017
Add extra timestamp field for local time Logstash	2	1543	May 23, 2017
Logstash convert field to local time Logstash	2	933	April 16, 2018

Timestamp field with local timezone!

Related topics