My log file contains a timestamp without timezone indicator.
In format dd-MMM-yyyy::HH:mm:ss
My server is located in central Europe, so is in timezone UTC+1 but currently uses DST that results in UTC+2.
A date in the log file: 2017-07-25::17:30:00 is parsed as 2017-07-25T16:30:00Z. But it should be 2017-07-25T15:30:00Z. As we are in DST now.
Logstash seems to consider only the timezone but not DST.
How can I fix this?
My logstash config:
date {
match => ["logdate", "dd-MMM-yyyy::HH:mm:ss"]
target => "@timestamp"
remove_field => "logdate"
}
You need to specify the timezone your dates are in:
date {
match => ["logdate", "dd-MMM-yyyy::HH:mm:ss"]
target => "@timestamp"
remove_field => "logdate"
timezone => "Europe/Zurich" <-- add this line
}
You may change "Europe/Zurich" to whatever timezone makes sense to you (other list of time zones that might be of use)