Timestamp question

Uros_Meglic · July 4, 2016, 7:46am

Hello,

I was just wondering what would be the correct setup for when the original logs that are being passed to logstash have a date time field that is all ready saved as UTC. Thats 2 hours behind local time.

I set the @timestamp from the log datetime and currenty this is what I'm using.

date {
                locale => "en"
                match => ["timestamp","YYYY-MM-dd HH:mm:ss"]
                remove_field => ["timestamp"]
                timezone => "Europe/Vienna"
        }

magnusbaeck · July 4, 2016, 7:48am

If the logs already are UTC then set timezone => "UTC" for the date filter.

Uros_Meglic · July 5, 2016, 6:31am

Thanks. Works perfectly.

Kind regards,

Uros

Topic		Replies	Views
Logstash filter date Logstash	3	283	November 11, 2018
How can I change the @timestamp match my timestamp? Logstash	3	737	July 6, 2017
Timezone with logstash Logstash	7	8340	December 8, 2016
@timestamp always 8h exact more than the matching time? Logstash	3	420	July 6, 2017
Date Filter Woes Logstash	2	243	August 27, 2019

Timestamp question

Related topics