@timestamp value for syslog input not in UTC

d14 · March 6, 2024, 12:39pm

I'm using the syslog input to parse data from a syslog producer like this:

input {
    syslog {
        port => 5000
    }
}

The output of stdout { codec => rubydebug } shows that @timestamp is NOT in UTC but rather EST, the TimeZone value for the server on which Logstash is running.

@timestamp" => 2024-03-06T07:23:01.000Z, actual UTC is around 2024-03-06T12:23:01

Please correct me if I'm wrong, but my understanding is that @timestamp automatically parses to UTC.

Is this normal? How can I force it to UTC?

d14 · March 6, 2024, 1:07pm

Ha! I see where my issue is coming from. I forgot to set the timezone in the input.
So adding timezone => "America/New_York" fixed the issue for me. @timestamp is now in UTC.

Thanks.

system · April 3, 2024, 1:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Syslog @timestamp incorrect Logstash	9	1930	March 5, 2019
Different Timezones in syslog for some hosts Logstash	1	242	June 23, 2022
Logstash not applying correct system time to ingestion timestamp Logstash	4	378	July 12, 2023
Logstash-output-syslog plugin with different timezone Logstash	2	489	May 3, 2022
Why my @timestamp shows wrong hour when overwritten? Logstash	3	373	December 26, 2021

@timestamp value for syslog input not in UTC

Related topics