Timezone offset using logstash / redis / ES

Question

Timezone offset using logstash / redis / ES

I am trying to configure logstash using redis and elasticsearch.

I have a problem with the @timestamp field.

The value @timestamp is always a real-time timestamp of -2 hours.

I have a shipper configured as follows:

 input{ file {...}}


 filter{

    if [type]=="apachelogs"{

    grok{
            match => [ "message", "%{COMBINEDAPACHELOG}"]
    }
      date {
            locale => "en"
            timezone => "Europe/Brussels"
            match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
      }
    }

}

output{ redis{...}}

and logstash-indexer pointer:

   input{ redis {...}}

   output { elasticsearch {...}}

The result of the event in ES is as follows:

 "@timestamp": "2014-05-21T13:29:53.000Z"
 ...
 "timestamp": "21/May/2014:15:29:53 +0200"

So you can see that there is always a 2 hour offset in @timestamp, and I cannot understand why. I tried various things like changing the time zone, etc. Without success.

Any ideas on this?

thank

+4

elasticsearch redis logstash

Mat777 May 21 '14 at 13:59

source share

2 answers

timezone . ? .

 "@timestamp": "2014-05-21T13:29:53.000Z"
 "timestamp": "21/May/2014:15:29:53 +0200"

Z +0000.

0

okwap 09 . '16 10:39

Ben Lim · Accepted Answer · 2014-05-22T02:45:11+0000

You can use this filter to change the time zone. Edit

"@timestamp": "2014-04-23T13: 40: 29.000Z"

to

"@timestamp": "2014-04-23T15: 40: 29.000 + 0200"

filter {
    ruby {
        code => "
                event['@timestamp'] = event['@timestamp'].localtime('+02:00')
        "
    }
}

, .

Timezone offset using logstash / redis / ES

More articles: