@timestamp is different in kibana then output of rubydebug @timestamp

Vivek_Nigam · December 10, 2017, 7:18am

in MY rubydebug output @timestamp is correct but while creating index pattern in kibana @timestamp is current system time stamp.

Rubydebug output is correct :

"@timestamp" => 2017-12-08T23:07:51.086Z,
"mytimestamp" => "12082017 23:07:51.086"

but in kibana its like:
December 09th 2017, 05:29:55.657

my code:

input {
file {
type => "caus"
path => "/opt/logs/*"
start_position => "beginning"

            }
    }

filter {
if [type] == "caus" {

grok {
match => [
"path",
"^%{GREEDYDATA}/[^/]+_%{INT:filedate}.txt$"
]
}
grok {
patterns_dir => ["/etc/logstash/patterns"]
match => [ "message", "%{CAUS}" ]
add_tag =>["Queues"]
}
}
mutate {
convert => { "records" => "integer" }
convert => { "PRIORITY" => "integer" }
convert => { "Ctime" => "integer" }

add_field => {
"mytimestamp" => "%{filedate} %{MyTimeStamp}"
}
}

date {
match => [ "mytimestamp", "MMddyyyy HH:mm:ss.SSS" ]
timezone => "UTC"
}
}

output {

if [type] == "caus" {
elasticsearch {
index => "mydata2"
hosts => ["localhost:9200"]
user => "elastic"
password => changeme
sniffing => true
manage_template => true
}
}

Please advise

Christian_Dahlqvist · December 10, 2017, 8:12am

Elasticsearch requires all timestamps to be in UTC timezone, and Kibana will adjust this to your local timezone when displaying it. I would expect this kind of behaviour if the timestamp you are converting using the date filter is not in UTC as the timezone parameter specifies.

system · January 7, 2018, 8:23am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.