@timestamp value for syslog input not in UTC

d14 · March 6, 2024, 12:39pm

I'm using the syslog input to parse data from a syslog producer like this:

input {
    syslog {
        port => 5000
    }
}

The output of stdout { codec => rubydebug } shows that @timestamp is NOT in UTC but rather EST, the TimeZone value for the server on which Logstash is running.

@timestamp" => 2024-03-06T07:23:01.000Z, actual UTC is around 2024-03-06T12:23:01

Please correct me if I'm wrong, but my understanding is that @timestamp automatically parses to UTC.

Is this normal? How can I force it to UTC?

d14 · March 6, 2024, 1:07pm

Ha! I see where my issue is coming from. I forgot to set the timezone in the input.
So adding timezone => "America/New_York" fixed the issue for me. @timestamp is now in UTC.

Thanks.

system · April 3, 2024, 1:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timezone with logstash Logstash	7	8334	December 8, 2016
@timestamp not matching date parsed, apache logs Logstash	3	2799	July 6, 2017
Log Timezone Question Logstash	13	4848	January 10, 2020
How to set @timestamp timezone? Logstash	20	113515	July 6, 2017
Logstash timezone is not work Logstash elastic-stack-alerting	2	21	August 23, 2024

@timestamp value for syslog input not in UTC

Related Topics