Issues
- fields.timestamp is UTC-5 (logs 5 hours behind)LOGSTASH-1897Resolved issue: LOGSTASH-1897Logstash Developers
- Upgrade compatibility: Problems converting config
LOGSTASH-1777Logstash Developers - underscore swallowed by <em> for sns_subject and sns_messageLOGSTASH-1684Resolved issue: LOGSTASH-1684Jordan Sissel
- Using lumberjack to connect two logstash instances hangs after 4999 events are transmittedLOGSTASH-1570Logstash Developers
- Events not being output to file on Debian 7.0LOGSTASH-1557Logstash Developers
- Problem after logstash upgrade from 1.1.13 to 1.2.2LOGSTASH-1543Logstash Developers
- Allow time-macros in file definitionsLOGSTASH-1542Resolved issue: LOGSTASH-1542Logstash Developers
- Problem adding a tag containing the value of a fieldLOGSTASH-1539Logstash Developers
- sample_rate parameter does not work for statsd outputLOGSTASH-1441Resolved issue: LOGSTASH-1441Jordan Sissel
- geoip fails when using database =>LOGSTASH-1391Logstash Developers
- output email output does not seem to workLOGSTASH-1365Logstash Developers
- Change of date format (yy-mm-dd) to (yyyy-mm-dd) between 1.2.1 & 1.1.13LOGSTASH-1359Logstash Developers
- rspec fails, but same in grok debugger works (tried on both 1.2.1 & 1.1.13)LOGSTASH-1351Logstash Developers
- Multiple files of type KV requiring different filteringLOGSTASH-1343Logstash Developers
- kv limited fieldsLOGSTASH-1306Resolved issue: LOGSTASH-1306Logstash Developers
- Add posibility to remove namespaces in xml filterLOGSTASH-1301Resolved issue: LOGSTASH-1301Philippe Weber
- Multiline filter is not consuming all the linesLOGSTASH-1293Resolved issue: LOGSTASH-1293Jason Kendall
- GELF timestamps not processed correctly for input "gelf"LOGSTASH-1292Resolved issue: LOGSTASH-1292Logstash Developers
- IPV6 Support for Redis outputLOGSTASH-1291Richard Pijnenburg
- UDP input doesn't set @source_host on v6 connectionLOGSTASH-1277Resolved issue: LOGSTASH-1277Philippe Weber
- Add array type to kv filterLOGSTASH-1269Resolved issue: LOGSTASH-1269Richard Pijnenburg
- opentsdb timestamp from the eventLOGSTASH-1268Logstash Developers
- kv filter not do create target in @fields.LOGSTASH-1267Resolved issue: LOGSTASH-1267Logstash Developers
- grok should handle non existent fields betterLOGSTASH-1266Resolved issue: LOGSTASH-1266Logstash Developers
- prune does not work with booleanLOGSTASH-1265Logstash Developers
- add_field should default to single and promote if there is an arrayLOGSTASH-1264Resolved issue: LOGSTASH-1264Logstash Developers
- Bug in Joda Time Library Causing Parsing IssuesLOGSTASH-1262Resolved issue: LOGSTASH-1262Philippe Weber
- Ordering with multiple input/filter/output definitionsLOGSTASH-1260Philippe Weber
- Pipe output erroring: <NoMethodError: undefined method `close' for #<PipeWrapper:0x144c6900 @pipe=#<IO:fd 184>LOGSTASH-1259Logstash Developers
- Error writing to elasticsearchLOGSTASH-1258Resolved issue: LOGSTASH-1258Logstash Developers
- CSV filter overwrites content of configured targetLOGSTASH-1257Resolved issue: LOGSTASH-1257Richard Pijnenburg
- TZ pattern incorrect (for CEST)?LOGSTASH-1255Resolved issue: LOGSTASH-1255João Duarte
- Lumberjack connections stay in CLOSE_WAIT state indefinitelyLOGSTASH-1253Logstash Developers
- QS grok pattern takes an extra spaceLOGSTASH-1251Resolved issue: LOGSTASH-1251Philippe Weber
- Use of grep with 2 criteriasLOGSTASH-1247Resolved issue: LOGSTASH-1247Jason Kendall
- Gelfd TooManyChunksError - gelf listener diedLOGSTASH-1245Logstash Developers
- logstash log4j configuration cannot be changedLOGSTASH-1243Resolved issue: LOGSTASH-1243Logstash Developers
- Error while parsing syslog-ng messagesLOGSTASH-1241Resolved issue: LOGSTASH-1241Jason Kendall
- Can't ignore _grokparsefailure with grep/matchLOGSTASH-1240Resolved issue: LOGSTASH-1240Philippe Weber
- Grok's "match" throws "(TypeError) can't convert Array into String"LOGSTASH-1239Resolved issue: LOGSTASH-1239Jason Kendall
- Kibana-Int ES indexLOGSTASH-1237Resolved issue: LOGSTASH-1237Logstash Developers
- Input ElasticSearch limitLOGSTASH-1236Resolved issue: LOGSTASH-1236Richard Pijnenburg
- Input Elasticsearch / Output Elasticsearch stateLOGSTASH-1235Resolved issue: LOGSTASH-1235Logstash Developers
- Input elasticsearch existing indiceLOGSTASH-1234Resolved issue: LOGSTASH-1234Logstash Developers
- Filter jsonLOGSTASH-1233Resolved issue: LOGSTASH-1233Jason Kendall
- Date filter doesn't match my fieldLOGSTASH-1231Resolved issue: LOGSTASH-1231Logstash Developers
- What should be backported to 1.1.xLOGSTASH-1230Logstash Developers
- Could not load FFI Provider: (NotImplementedError) FFI not available: nullLOGSTASH-1227Resolved issue: LOGSTASH-1227Logstash Developers
- Running logstash with IBM JAVA kill the processLOGSTASH-1226Logstash Developers
- Clone filter "can't clone Fixnum"LOGSTASH-1225Resolved issue: LOGSTASH-1225Logstash Developers
50 of 123
fields.timestamp is UTC-5 (logs 5 hours behind)
Fixed
Description
Attachments
1
Gliffy Diagrams
Details
Details
Created February 13, 2014 at 11:07 PM
Updated February 17, 2014 at 12:22 AM
Resolved February 17, 2014 at 12:22 AM
Activity
Show:
nitin February 17, 2014 at 12:22 AM
I found the problem.
The way JVM works out the default timezone is as follows:
1) Looks to environment variable TZ
This is not set in our linux box
2) JVM looks for the file /etc/sysconfig/clock and tries to find the "ZONE" entry.
However, on these host the ZONE entry does not have a double quote around the actual variable, and the JVM code is unable to recongise the entry.
3) If the ZONE entry is not found, the JVM will compare contents fo /etc/localtime with the contents of every file in /usr/share/zoneinfo recursively. When the contents matches, it returns the path and filename, referenced from /usr/share/zoneinfo
I don't have TZ variable so JVM went to see /etc/sysconfig/clock and it was set to "America/New york" changing that to UTC fixed the problem.
It still doesn't explain why the index was created in future.
Hi,
I have same config on about 40 servers and 5 of them are exhibiting this problem. All my servers are in UTC, all log stamps are in UTC but when logstash reads these logs its converting @fields.timestamp to UTC-5 but the @timestamp is still in UTC. I have tried removing date filter, behavior remains the same. So I suspect it's not the date filter.
What even more strange is when I had the logstash-agent stopped I can still see logs flowing in kibana, which makes me think the logs are 5 hours behind.
Even though the logs are behind it creates a new index 5 hours in future.
filter {
grok {
type => "blabla"
pattern => "%{TIMESTAMP_ISO8601:timestamp} %{GREEDYDATA:message}"
}
date {
match => ["timestamp", "ISO8601", "UNIX", "UNIX_MS"]
}
}
output {
redis {
host => ["192.168.128.189","192.168.128.146"]
data_type => "list"
key => "logstash"
shuffle_hosts => false
}
}
Anyone else had this problem?