Hello!
I have a `@timestamp` field that is created from two other fields. That works fine.
Kibana also updates the timezone automatically (from what I read). That also works fine.
I have a new field `HOUR` that has been created from the `@timestamp` field using strftime. That works fine as well.
Here's my issue: The `HOUR` field is using the UTC time. How can I change it to America/Chicago?
Here's my code:
```
ruby {
  code => "event.set('[DAY]',event.get('@timestamp').time.strftime('%a'))
           event.set('[DAY_OF_MONTH]',event.get('@timestamp').time.strftime('%d').to_i)
           event.set('[HOUR]',(event.get('@timestamp').time.strftime('%H').to_i))"
}
if [source] =~ "table" {
  mutate {
    add_field => {
      "[@metadata][timestamp]" => "%{SMF30DTE} %{SMF30TME}"
    }
  }
  date {
    match => ["[@metadata][timestamp]", "yyyy-MM-dd HH:mm:ss:SS"]
    timezone => "America/Chicago"
    target => "@timestamp"
  }
}
```
Here's the output in Kibana:
| Time | DAY_OF_MONTH | HOUR | @timestamp |
|---|---|---|---|
| 13:58:23.430 | 4 | 20 | November 4th 2019, 13:58:23.430 |
^^ The HOUR field should contain 13, not 20.
(I've gone through the documentation but it's really not that detailed, nor does it provide any examples.)
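
Logstash stores `@timestamp` in UTC, and the date filter's `timezone` option only controls how the source string is parsed, so `strftime` on `@timestamp` formats UTC values. The following is an added example in plain Ruby, not code from the original post: it derives the same three fields in America/Chicago local time, and the helper names, the hard-coded US DST rules (in force since 2007) and the sample timestamps are assumptions constructed for illustration.

```ruby
# Hypothetical helper: day of month of the n-th Sunday of the given month.
def nth_sunday(year, month, n)
  first = Time.utc(year, month, 1)
  first_sunday = 1 + (7 - first.wday) % 7
  first_sunday + 7 * (n - 1)
end

# UTC offset in seconds for America/Chicago, assuming the US rules since 2007:
# CDT (-05:00) from the second Sunday of March at 02:00 CST (08:00 UTC)
# until the first Sunday of November at 02:00 CDT (07:00 UTC), else CST (-06:00).
def chicago_offset(utc)
  y = utc.year
  dst_start = Time.utc(y, 3, nth_sunday(y, 3, 2), 8)
  dst_end   = Time.utc(y, 11, nth_sunday(y, 11, 1), 7)
  utc >= dst_start && utc < dst_end ? -5 * 3600 : -6 * 3600
end

# Returns DAY / DAY_OF_MONTH / HOUR computed in Chicago local time.
# In a ruby filter the argument would be event.get('@timestamp').time.
def chicago_fields(utc_time)
  utc = utc_time.getutc
  local = utc.getlocal(chicago_offset(utc))
  {
    'DAY'          => local.strftime('%a'),
    'DAY_OF_MONTH' => local.strftime('%d').to_i,
    'HOUR'         => local.strftime('%H').to_i
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample timestamps (UTC), not taken from the post.
  [Time.utc(2019, 11, 4, 19, 58, 23),   # winter, CST
   Time.utc(2019, 7, 4, 19, 58, 23),    # summer, CDT
   Time.utc(2019, 11, 5, 3, 0, 0)].each do |t|  # local date differs from UTC date
    puts "#{t.strftime('%FT%TZ')} -> #{chicago_fields(t)}"
  end
end
```

The local fields have to be computed after the date filter has set `@timestamp`, otherwise they are derived from the ingest time rather than the event time.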