time getting converted to @timestamp in local time zone. #130

Closed
ranjeetkgupta opened this issue Oct 1, 2015 · 3 comments

@ranjeetkgupta

I am using logstash_format true in my configuration. As I understand it, it will inject a field @timestamp using the time field. The issue is that it's deriving @timestamp from time using the local time zone. For example:

time:2015-09-28_16:30:13 produces @timestamp September 28th 2015, 22:00:13.000 (I am in the +5:30 timezone). Is there any way this conversion (using a different time zone) could be suppressed?
I just need @timestamp to reflect the same time.
time_format Config in

time_format %Y-%m-%d_%H:%M:%S
time appears in the log as 2015-09-28_07:30:00.871
@portante

portante commented Oct 1, 2015

@ranjeetkgupta, that appears to be UTC, isn't that the correct value you want? Your UI should probably convert from UTC to localtime. Kibana does that, right? Or am I not understanding the problem?

@ranjeetkgupta
Author

Here is the thing: logs from my application don't have a time zone specifier (but the time is already in IST, the local TZ). For example, 2015-09-28_19:30:13. Now, the time derived for @timestamp is using this value by further adding (+0530, converting to IST). So, it becomes @timestamp: September 29th 2015, 01:00:13.000.

I don't want this conversion (or derivation) to the local timezone, as my time is already in a local timezone (but without a timezone specifier).

@portante

portante commented Oct 9, 2015

@ranjeetkgupta, so first, even though fluentd does not track sub-second time values well (though the upcoming nanosecond patch, PR fluent/fluentd#653, will likely fix that), you might want to update your time_format string to be "%Y-%m-%d_%H:%M:%S.%L".

Second, I don't think this is a problem of the fluent-plugin-elasticsearch doing the wrong thing. When fluentd converts the time from the log entry, the internal time object has the local timezone in the timezone object. If you look at line 140 of the plugin, https://github.com/uken/fluent-plugin-elasticsearch/blob/master/lib/fluent/plugin/out_elasticsearch.rb#L140, you'll see that it is using the to_s() method to construct the string for the @timestamp value, which should have the form: "2015-09-28T19:30:13+05:30". In other words, the plugin is just appending the timezone information when indexing.

Next, I believe ElasticSearch is storing that value as a UTC time value, which would be, "2015-09-28T14:00:13-00:00".

So now the question is, why can't you convert from UTC back to IST when you retrieve the values?

Can you show the queries you are doing that get the wrong timestamp values?
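
An added example, not part of the thread or of the plugin's code: a Ruby sketch that traces a zone-less log timestamp through parsing, UTC storage, and display at a viewer's offset, which is the chain to check when correlating log timelines across hosts. The helper names and the offsets passed in are assumptions; only the `time_format` string and the sample timestamps come from the issue.

```ruby
require "time"

TIME_FORMAT = "%Y-%m-%d_%H:%M:%S" # time_format quoted in the issue

# Hypothetical helper: interpret a zone-less timestamp as if it had been
# written in `assumed_offset` (the zone the parsing host believes it is in).
def parse_with_offset(raw, assumed_offset)
  Time.strptime("#{raw} #{assumed_offset}", "#{TIME_FORMAT} %z")
end

# Hypothetical helper: follow one timestamp through the three stages.
#   indexed    - ISO 8601 string with the assumed offset attached
#   stored_utc - the same instant normalized to UTC
#   displayed  - wall-clock time a viewer at `viewer_offset` would see
def trace(raw, assumed_offset, viewer_offset)
  t = parse_with_offset(raw, assumed_offset)
  {
    indexed:    t.iso8601,
    stored_utc: t.getutc.iso8601,
    displayed:  t.getlocal(viewer_offset).strftime("%Y-%m-%d %H:%M:%S"),
  }
end

# Constructed cases using the sample values from the issue.
# Case A: the parser assumes +05:30 and the viewer is at +05:30.
#         The displayed wall clock equals the value in the log.
CASE_A = trace("2015-09-28_19:30:13", "+05:30", "+05:30")

# Case B: the parser assumes UTC and the viewer is at +05:30.
#         The displayed wall clock is shifted forward by 5h30m.
CASE_B = trace("2015-09-28_19:30:13", "+00:00", "+05:30")

if __FILE__ == $PROGRAM_NAME
  puts "assumed +05:30: #{CASE_A}"
  puts "assumed UTC:    #{CASE_B}"
end
```

A displayed value that differs from the raw log value by exactly the viewer's offset indicates the parsing stage assumed a different zone than the one the log was written in.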
