Hello everyone, I am an ELK beginner,
Background:
Area: GMT+ 8 Time Zone
Linux: CentOS Linux release 8.1.1911 (Core)
Database:mysql Ver 15.1 Distrib 10.3.27-MariaDB, for Linux (x86_64) using readline 5.1
logstash && elasticsearch: 7.12.0
When I use logstash to extract data from the mysql database, I found that if the date content is greater than 1901-01-01, the corresponding time will be 8 hours apart, which is correct!
Sample picture:
But when the date content of the mysql database is less than 1901-01-01, such as 1900-12-31, the returned time is 1900-12-30T15:54:17.000Z, which is 8 hours, 5 minutes and 43 seconds apart. Is this my mistake?
Sample picture:
logstash.conf:
input {
jdbc {
jdbc_driver_library => "/usr/src/mysql-connector-java-8.0.23/mysql-connector-java-8.0.23.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_connection_string => "jdbc:mysql://localhost:3306/nba"
jdbc_user => "root"
jdbc_password => "root"
jdbc_paging_enabled => true
jdbc_page_size => "50"
tracking_column => "unix_ts_in_secs"
use_column_value => true
tracking_column_type => "numeric"
schedule => "*/15 * * * * *"
statement => "SELECT *, UNIX_TIMESTAMP(update_time) AS unix_ts_in_secs FROM nba_test WHERE (UNIX_TIMESTAMP(update_time) > :sql_last_value AND update_time < NOW()) ORDER BY update_time ASC"
}
}
filter {
mutate {
copy => { "number" => "[@metadata][_id]"}
remove_field => ["unix_ts_in_secs"]
}
}