Hello,
Trying to configure logstash to ingest error logs into elastic from a txt file, so far its working and data gets delivered into elastic, but the date plugin won't get convert it to Eastern time.

Sample error from txt, note first field is what i am parsing and its already Eastern timezone...

2019-08-19 06:08:10 Local4.Warning xxx.xx.xxx.xxx Aug 19 2019 05:04:04: Doesn't have a proposal specified

My logstash config for the filter plugin

filter {
csv {
columns => ["ErrorDate", "ErrorType", "ASA_IP", "ErrorText"]
separator => " "
}

date {
	match => ["ErrorDate", "yyyy-MM-dd HH:mm:ss"]
	timezone => "EST"
	target => "ErrorDate"		
}
mutate {
    remove_field => [ "@timestamp","host","message","path","@version" ]
  }

}

"ErrorDate" gets converted to UTC and wont change

Can't figure out what i am doing wrong in my filter, any input is appreciated.
Thank you.

I think this might help you.

A date filter always converts to UTC. The timezone option is used to tell what timezone it is converting from , i.e. the name of your local timezone

Ok, is there a way to convert back to timezone i want?

I am not sure..There might be a way but i'm not aware of it.

This might be helpful https://stackoverflow.com/questions/29302444/convert-timestamp-timezone-in-logstash-for-output-index-name

Thank you

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.