Unable to replace my log_timestamp with @timestamp

Hi,

I am facing an issue while trying to set my log_timestamp to @timestamp. I have tried many combinations from various date filter topics from here. But it is not giving me any positive result.

My original logstash.conf is different with various inputs. But for now I am trying to achieve this date filter combination so please find my basic date filter setup in the following logstash.conf

    input {
      file {
        start_position => "beginning"
        path => [{{ division[division_name].logstash.logstash_conf_connector_logs }}]
        tags => ["processed_records"]
        sincedb_path => "/dev/null"
      }
    }

    filter {
      if "processed_records" in [tags] {
        grok {
          match => { "message" => "%{TIMESTAMP_ISO8601:log_timestamp}" }
        }
        date {
          match => [ "log_timestamp", "YYYY-MM-dd HH:mm:ss,SSS" ]
          timezone => "CET"
        }
      }
    }

    output {
      if "processed_records" in [tags] {
        if "_grokparsefailure" not in [tags] {
          elasticsearch {
            hosts => ["https://mylink:9200"]
            index => "ecs-ar-mld-%{+YYYY-MM-dd}"
            user => "ecs-ar"
            password => "{{ division[division_name].logstash.logstash_conf_pwd }}"
            ssl => true
            cacert => "/usr/share/logstash/config/root-ca.pem"
            ilm_enabled => false
          }
        }
      }

      stdout {
        codec => rubydebug
      }
    }

Please help me to replace my log_timestamp with @timestamp field.

Please find my above logs onboarded.

Clearly the date filter is working, it is just not using timezone CET, but instead Asia/Kabul! Is your local timezone +04:30? If so I would double check that you are running the configuration that you think you are.

Hi Badger,

Thanks for replying. My timezone is Asia/Kolkata (+5:30). But my logs' timezone (server timezone) is CET. That's why I have mentioned it as CET in the date filter. My understanding is the timezone value should be the actual logs' generation timezone.

But actually it works after I change to Asia/Kolkata.
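
Added example, not part of any post in this thread: a Python sketch of how a `timezone` setting turns an offset-less `log_timestamp` into the UTC value stored in `@timestamp`, and how the gap between the two reveals which zone was actually applied (the check Badger's reply relies on). Python's `zoneinfo` stands in for the date filter's timezone handling, and the function names and sample timestamps are constructed for illustration.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# Python equivalent of the thread's pattern "YYYY-MM-dd HH:mm:ss,SSS".
LOG_FORMAT = "%Y-%m-%d %H:%M:%S,%f"


def to_utc(log_timestamp, tz_name):
    """Read an offset-less log time as wall-clock time in tz_name, return UTC."""
    naive = datetime.strptime(log_timestamp, LOG_FORMAT)
    return naive.replace(tzinfo=ZoneInfo(tz_name)).astimezone(timezone.utc)


def es_format(dt):
    """Render a UTC datetime the way @timestamp is shown (millisecond precision)."""
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def zones_applied(log_timestamp, at_timestamp, candidates):
    """Return the candidate zones that map log_timestamp onto at_timestamp."""
    return [tz for tz in candidates
            if es_format(to_utc(log_timestamp, tz)) == at_timestamp]


# Constructed sample values, not taken from the thread.
SAMPLE_LOG_TS = "2020-03-02 10:15:30,123"
CANDIDATES = ["CET", "Asia/Kolkata", "Asia/Kabul", "UTC"]

if __name__ == "__main__":
    # The same log line produces a different @timestamp for each zone setting.
    for tz in CANDIDATES:
        print(f"{tz:<13} -> {es_format(to_utc(SAMPLE_LOG_TS, tz))}")

    # Constructed observation: @timestamp is 04:30 behind the logged time.
    observed = "2020-03-02T05:45:30.123Z"
    print("zone applied:", zones_applied(SAMPLE_LOG_TS, observed, CANDIDATES))
```
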
