Logstash Time Zone Configuration

Question

Logstash Time Zone Configuration

I have been using logstash for quite some time, but now I have a problem with time zones. Logstash reads a log file that has time in UTC. So in the summer I am UTC + 2.

If I configure Kibana to use UTC, it shows the log files hours before the current time.

Example timezone = "user" Log.txt 2013-06-22 08:29:10 TestLog Kibana 2013-06-22 08:29:10 TestLog Current Time: 10:29 Example timezone = "UTC" Log.txt 2013-06-22 08:29:10 TestLog Kibana 2013-06-22 06:29:10 TestLog Current time: 08:29

Due to this problem, I cannot use the stream.

thanks for your reply

+4

timezone logging configuration logstash

user1734614 Jun 25 '13 at 8:32

source share

1 answer

Dan garthwaite · Answer 1 · 2013-10-31T12:43:42+0000

You can set the time zone and date of the incoming event using the date filter. These are two different things.

"Set date" means that the filter is able to change the timestamp of the event to some value obtained from @message, overwriting the default value when it arrives. Useful for playing magazines.

"Set time zone" shifts the time in accordance with the deltas between the tz system and the value set in this data filter.

You are claiming to be in UTC + 2 and the event is from UTC. Suppose the tag is "mytag":

 filters { date { tags => ["mytag"] timezone => "utc" add_tag => ["tz_utc"] } }

I added a tag to make it easier to filter in kiban, etc.

Logstash Time Zone Configuration

More articles: