Timezone with logstash

Elastic Stack Logstash
1

I have a problem with the @timestamp field. Value of @timestamp is always the real event timestamp -2 hrs.
input{ file {...}}

filter{

if [type]=="apachelogs"{

grok{
        match => [ "message", "%{COMBINEDAPACHELOG}"]
}
  date {
          timezone => "Europe/kiev"
        match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
        remove_field => [ "timestamp" ]
  }
}

}

output{ elasticsearch { hosts => ["localhost:9200"]}

The result
"@timestamp": "2016-11-09T13:29:53.000Z"
...
"timestamp": "09/Nov/2016:15:29:53 +0200"

We can see time mismatch . Whan I tune
date {
timezone => "UTC"
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss +0200" ]
remove_field => [ "timestamp" ]
}
match time @timestamp and timestamp, but Kibana shows the wrong time.
Any idea about this one ?
Thanks

2

The @timestamp field is always UTC. This is not configurable.

3

the time difference is not corrected?

4

whereas you can fix the time?

5

the time difference is not corrected?

The date filter shifts the input timestamp to UTC and stores it in the @timestamp field.

6

there is no solution to this problem?

7

Why do you think this is a problem? Kibana automatically adjusts the timestamp to the browser's timezone (configurable) and other presentation layers should do the same thing.

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.