Timestamp question

Uros_Meglic · July 4, 2016, 7:46am

Hello,

I was just wondering what would be the correct setup for when the original logs that are being passed to logstash have a date time field that is all ready saved as UTC. Thats 2 hours behind local time.

I set the @timestamp from the log datetime and currenty this is what I'm using.

date {
                locale => "en"
                match => ["timestamp","YYYY-MM-dd HH:mm:ss"]
                remove_field => ["timestamp"]
                timezone => "Europe/Vienna"
        }

magnusbaeck · July 4, 2016, 7:48am

If the logs already are UTC then set timezone => "UTC" for the date filter.

Uros_Meglic · July 5, 2016, 6:31am

Thanks. Works perfectly.

Kind regards,

Uros

Topic		Replies	Views
Logstash filter date Logstash	3	283	November 11, 2018
How can I change the @timestamp match my timestamp? Logstash	3	735	July 6, 2017
Timezone with logstash Logstash	7	8334	December 8, 2016
The date filter's timezone offset match not working? Logstash	5	1156	December 26, 2017
How to set @timestamp timezone? Logstash	20	113515	July 6, 2017

Timestamp question

Related Topics