@timestamp is different in Kibana than in the rubydebug output

In my rubydebug output, @timestamp is correct, but while creating the index pattern in Kibana, @timestamp is the current system timestamp.

Rubydebug output is correct:

"@timestamp" => 2017-12-08T23:07:51.086Z,
"mytimestamp" => "12082017 23:07:51.086"

but in Kibana it's like:
December 09th 2017, 05:29:55.657

My code:

input {
  file {
    type => "caus"
    path => "/opt/logs/*"
    start_position => "beginning"
  }
}

filter {
  if [type] == "caus" {
    # Take the date part (filedate) from the file name
    grok {
      match => [
        "path",
        "^%{GREEDYDATA}/[^/]+_%{INT:filedate}.txt$"
      ]
    }
    grok {
      patterns_dir => ["/etc/logstash/patterns"]
      match => [ "message", "%{CAUS}" ]
      add_tag => ["Queues"]
    }
  }
  mutate {
    convert => { "records" => "integer" }
    convert => { "PRIORITY" => "integer" }
    convert => { "Ctime" => "integer" }

    add_field => {
      "mytimestamp" => "%{filedate} %{MyTimeStamp}"
    }
  }

  # Parse mytimestamp into @timestamp, reading the text as UTC
  date {
    match => [ "mytimestamp", "MMddyyyy HH:mm:ss.SSS" ]
    timezone => "UTC"
  }
}

output {
  if [type] == "caus" {
    elasticsearch {
      index => "mydata2"
      hosts => ["localhost:9200"]
      user => "elastic"
      password => "changeme"
      sniffing => true
      manage_template => true
    }
  }
}

Please advise

Elasticsearch requires all timestamps to be in UTC timezone, and Kibana will adjust this to your local timezone when displaying it. I would expect this kind of behaviour if the timestamp you are converting using the date filter is not in UTC as the timezone parameter specifies.

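A check for the situation in this thread, added here as an example (it is not code from the thread or from Elastic): it imitates the date filter's parse with Python's datetime and tests whether the gap between a stored @timestamp and the time Kibana shows is a whole UTC offset, which is what a display-timezone conversion or a wrong `timezone =>` value would produce. The function names and the +05:30 browser offset are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

def date_filter(text, source_offset=timedelta(0)):
    """Imitate date { match => "MMddyyyy HH:mm:ss.SSS" }: read the text as
    wall-clock time in the zone named by `timezone =>`, return the UTC instant."""
    naive = datetime.strptime(text, "%m%d%Y %H:%M:%S.%f")
    return naive.replace(tzinfo=timezone(source_offset)).astimezone(timezone.utc)

def kibana_display(stored_utc, browser_offset):
    """Wall-clock time a browser at browser_offset shows for a stored UTC instant."""
    return stored_utc.astimezone(timezone(browser_offset)).replace(tzinfo=None)

def parse_rubydebug(text):
    """Parse the ISO 8601 value printed by the rubydebug codec."""
    parsed = datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)

def parse_kibana(text):
    """Parse Kibana's display format, e.g. 'December 09th 2017, 05:29:55.657'."""
    cleaned = re.sub(r"(\d)(st|nd|rd|th)\b", r"\1", text)  # drop ordinal suffix
    return datetime.strptime(cleaned, "%B %d %Y, %H:%M:%S.%f")

def offset_explaining(stored_utc, displayed_local):
    """Return the UTC offset that maps stored_utc onto displayed_local, or
    None when the gap cannot be an offset (offsets in use today are multiples
    of 15 minutes between -12:00 and +14:00)."""
    gap = displayed_local - stored_utc.replace(tzinfo=None)
    in_range = timedelta(hours=-12) <= gap <= timedelta(hours=14)
    whole = gap % timedelta(minutes=15) == timedelta(0)
    return gap if in_range and whole else None

if __name__ == "__main__":
    # Values quoted in the question
    stored = parse_rubydebug("2017-12-08T23:07:51.086Z")
    shown = parse_kibana("December 09th 2017, 05:29:55.657")
    print("offset explaining the gap:", offset_explaining(stored, shown))
    # Constructed case: same event viewed from an assumed +05:30 browser
    ist = timedelta(hours=5, minutes=30)
    print("expected display at +05:30:", kibana_display(stored, ist))
```

For the two values quoted in the question the function returns None: they are 6 h 22 min 4.571 s apart, which is not a whole UTC offset, so the Kibana value is a different instant from the one rubydebug printed.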