Hello everyone, I am an ELK beginner,

Background:

Area: GMT+ 8 Time Zone
Linux:  CentOS Linux release 8.1.1911 (Core)
Database：mysql  Ver 15.1 Distrib 10.3.27-MariaDB, for Linux (x86_64) using readline 5.1
logstash && elasticsearch: 7.12.0

When I use logstash to extract data from the mysql database, I found that if the date content is greater than 1901-01-01, the corresponding time will be 8 hours apart, which is correct！
Sample picture:

But when the date content of the mysql database is less than 1901-01-01, such as 1900-12-31, the returned time is 1900-12-30T15:54:17.000Z, which is 8 hours, 5 minutes and 43 seconds apart. Is this my mistake?
Sample picture:

logstash.conf：

    input {
      jdbc {
        jdbc_driver_library => "/usr/src/mysql-connector-java-8.0.23/mysql-connector-java-8.0.23.jar"
        jdbc_driver_class => "com.mysql.jdbc.Driver"
        jdbc_connection_string => "jdbc:mysql://localhost:3306/nba"
        jdbc_user => "root"
        jdbc_password => "root"
        jdbc_paging_enabled => true
        jdbc_page_size => "50"
        tracking_column => "unix_ts_in_secs"
        use_column_value => true
        tracking_column_type => "numeric"
        schedule => "*/15 * * * * *"
        statement => "SELECT *, UNIX_TIMESTAMP(update_time) AS unix_ts_in_secs FROM nba_test WHERE (UNIX_TIMESTAMP(update_time) > :sql_last_value AND update_time < NOW()) ORDER BY update_time ASC"
      }
    }
    filter {
      mutate {
        copy => { "number" => "[@metadata][_id]"}
        remove_field => ["unix_ts_in_secs"]
      }
    }

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.