Logstash converts the @timestamp time to the local time.

Logstash converts the @timestamp time to the local time. If the local time zone is the Beijing time zone, add the following filter to solve the problem.

Filter {
         Ruby {
            Code => "event.set('mytime', (event.get('@timestamp').time.localtime + 8*60*60).strftime('%Y-%m-%d %H:%M :%S'))"
         }
         Date {
         Match => [ "mytime","yyyy-MM-dd HH:mm:ss" ]
         }
}

Remember, date { match => [ “mytime”,”yyyy-MM-dd HH:mm:ss” ] } can’t be less

Leave a Comment

Your email address will not be published.