Timezone issue with logstash date filter plugin

Hi All,

We are ingesting data into Elasticsearch using Logstash; our problem here is with the timezone. We have a total of 8 date fields in the documents.
For example, we are ingesting ServiceNow data, which has fields like createdDate, updatedDate, closedDate, resolvedDate. We have written a mapping for date conversion in Kibana, which is working fine.

But the problem is the timezone: by default Elasticsearch stores in UTC and my source time zone is "America/New_York". The data shown in Kibana and my source have a difference of 4 hours (basically Kibana time is 4 hours ahead of my source data).

With this difference I can't build a trendline, which will be of no use if it's not proper.

Any advice on this?

Thanks
Gautham

Elasticsearch always stores times as UTC. By default Kibana will display times in the browser's timezone. You can use the timezone option on a date filter to tell the filter which timezone the logs are in, so that it can set the date in the event to UTC.

Do you have a problem with any of those?

@Badger The date filter in logstash is not working...

Below is my time filter:

filter {
  date {
    match => ["[result][sys_created_on]", "MM-dd-yyyy HH:mm:ss"]
    timezone => [ "America/New_York" ]
  }
}

Thanks
Gautham

If you want [result][sys_created_on] modified then set the target option on the date filter. By default the filter overwrites @timestamp.
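
A filter section that applies the two options named in the replies above (timezone and target), as an added example that is not part of the original thread. The field [result][sys_updated_on] and the custom failure tag names are assumptions for illustration; only [result][sys_created_on] and the date pattern come from the thread.

```logstash
filter {
  # Interpret the source string as New York wall-clock time and write the
  # parsed value back to the same field. Without "target" the result would
  # overwrite @timestamp and this field would remain an unparsed string.
  date {
    match          => ["[result][sys_created_on]", "MM-dd-yyyy HH:mm:ss"]
    timezone       => "America/New_York"
    target         => "[result][sys_created_on]"
    # Distinct tag per field, so a parse failure can be traced to the
    # field that caused it instead of the shared default tag.
    tag_on_failure => ["_dateparsefailure_sys_created_on"]
  }

  # One date block per date field in the document.
  # [result][sys_updated_on] is an assumed field name.
  date {
    match          => ["[result][sys_updated_on]", "MM-dd-yyyy HH:mm:ss"]
    timezone       => "America/New_York"
    target         => "[result][sys_updated_on]"
    tag_on_failure => ["_dateparsefailure_sys_updated_on"]
  }
}
```

Because the zone is given by name rather than as a fixed offset, the conversion to UTC follows daylight saving time, so the difference from the source value is 4 hours in summer and 5 hours in winter.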
