Timezone in Ingest Pipeline

Elastic Stack Kibana
1

I'm using a IngestPipeline to extract fields from my logs.
I start with extracting the Timestamp and targeting it into @timestamp s.b.
now i'm mostly not provided with any timezone from my log and @Timestamp is using its default UTC. This would be fine if i would be in that timezone. But since this will not be only running in one timezone i would like to set the 'timezone' field to something that let it use the local system time. Is there a value like this? Or any other way to achieve this?
I didn't find anything

  #Set timestamp to value deduced from log message.
  - date:
      if: ctx.event == null || ctx.event.timezone == null
      field: pac.log.timestamp
      target_field: '@timestamp'
      formats:
        - yyyy-MM-dd HH:mm:ss,SSS
      on_failure:
        - append:
            field: error.message
            value: '{{ _ingest.on_failure_message }}'
2

Which system are you talking about it here?

The date processor will always use the UTC timezone unless you use the timezone option to explictily change the timezone from where the date time string was generated.

If you have events from different timezone you will need to send the timezone with the event and use it in the processor or convert the date string to UTC before sending it.

1 Like
3

Finally found something that does exactly what i want. It's the add_locale processor. I put it in my filebeat.yml and for my system it works perfectly fine.
Thanks for the hint with the event.timezone

Kind Regards

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.