@timestamp value for syslog input not in UTC

d14 · March 6, 2024, 12:39pm

I'm using the syslog input to parse data from a syslog producer like this:

input {
    syslog {
        port => 5000
    }
}

The output of stdout { codec => rubydebug } shows that @timestamp is NOT in UTC but rather EST, the TimeZone value for the server on which Logstash is running.

@timestamp" => 2024-03-06T07:23:01.000Z, actual UTC is around 2024-03-06T12:23:01

Please correct me if I'm wrong, but my understanding is that @timestamp automatically parses to UTC.

Is this normal? How can I force it to UTC?

d14 · March 6, 2024, 1:07pm

Ha! I see where my issue is coming from. I forgot to set the timezone in the input.
So adding timezone => "America/New_York" fixed the issue for me. @timestamp is now in UTC.

Thanks.

system · April 3, 2024, 1:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.