Timezone offset with logstash / redis / ES

redis elasticsearch logstash

10,005

You can use this filter to change timezone. Change

"@timestamp": "2014-04-23T13:40:29.000Z"

"@timestamp": "2014-04-23T15:40:29.000+0200"

Try to use this filter

filter {
    ruby {
        code => "
                event['@timestamp'] = event['@timestamp'].localtime('+02:00')
        "
    }
}

Hope this can help you.

10,005

Author by

Updated on June 04, 2022

Mat777 almost 2 years
I'm trying to configure logstash with redis and elasticsearch.

I have a problem with the @timestamp field.

The value of @timestamp is always the real event timestamp -2 hrs.

I have a shipper configured like this :
```
 input{ file {...}}


 filter{

    if [type]=="apachelogs"{

    grok{
            match => [ "message", "%{COMBINEDAPACHELOG}"]
    }
      date {
            locale => "en"
            timezone => "Europe/Brussels"
            match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
      }
    }

}

output{ redis{...}}
```
and a logstash-indexer like this :
```
   input{ redis {...}}

   output { elasticsearch {...}}
```
The result of an event in ES looks like this :
```
 "@timestamp": "2014-05-21T13:29:53.000Z"
 ...
 "timestamp": "21/May/2014:15:29:53 +0200"
```
So as you can see there is always a 2hrs offset in the @timestamp and I can't figure out why. I've tried different things such as changing the timezone etc. without success.

Any idea about this one ?

Thanks
Ebarriosjr over 8 years

how do you do if you live in a time zone which changes? (ex. Daylight Saving Time )