We get the timestamps in this format: '2023-10-01T01:22:33.123Z'.
Where can I set the format? And which time zone is preset? How can I find out the timezone from the timestamp? Is that UTC?
We use filebeat agents to collect the logs.
This is in UTC, the Z in the end means that the time is in UTC.
Since Elasticsearch store all date and times in UTC, you do not need to change this date.
thanks for the reply. How do I recognize the time zone? If my application were to run in a different time zone than mine, it would be important to me in which time zone the log entry was written
This depends entirely on how the application is logging the date and time.
Filebeat will collect the log lines and send them to elasticsearch, if you want the date and time present in your log line to be used as the date and time for the elasticsearch document, you will need to parse your log line and set this field as the @timestamp field.
Thank you for the detailed answer @ leandrojmp .
Can you or someone else tell me how to identify the time zone? In which time zone was the log created? I can't tell from the timestamp. Can you change the time zone? E.g. :02:00 or +2?
But identify where? It is not clear what is your issue.
A date string that has timezone information will normally have it at the end with something like "+0200" or "+02:00", if you do not have anything like this then you cannot know in which timezone the log is just by looking at the log line.
So we get log entries from Filebeat where there is a timestamp field. For example, it contains this value "2023-10-01T01:22:33.123Z"
How can I configure filebeat so that it should also write the time zone? Or can I configure it somewhere else?
I'm sorry, but what log are you talking about?
The log files that filebeat will read or the log files that filebeat generate, as the log for the filebeat service?
The times in the logs generated by the filebeat service are in UTC, I do not think you can change it.
The times in the logs that filebeat reads are created by your application, those logs will be sent to Elasticsearch, is in Elasticsearch that you are seeing this time? It is not clear what your issue really is.
Times in Elasticsearch are also in UTC and you cannot change that, the times in UTC will be converted by Kibana to the browser time zone.
Thank you for your answer and please excuse the confusion.
The logs generated by filebeat have a timestamp field. I now understand that this timestamp is in UTC. But in which time zone? Unfortunately I don't understand that. The Filebeat agents could run in different time zones and in the end it is important for me to know in which time zone the filebeat entry was created.
The logs generated by the filebeat service are in UTC, there is no timezone offset in UTC time, it is the equivalent of GMT.
Timezones are time offsets from UTC/GMT, for example, a timezone of +0300, means that the time is 3 hours ahead of UTC/GMT.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.