Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow date filter to utilize timezone offset format for default timezone #146

Open
renzedj opened this issue Feb 23, 2022 · 0 comments
Open

Allow date filter to utilize timezone offset format for default timezone #146

renzedj opened this issue Feb 23, 2022 · 0 comments
Labels
enhancement

Comments

@renzedj
Copy link

renzedj commented Feb 23, 2022
edited
Loading

Use Case

As an Elastic Stack admin, I have logs being ingested from multiple timezones. Many of these logs do not have timezones set in the log event. I am able to include the event.timezone in the log event, by setting a processor with the beat, which then returns the timezone in the format:

{
  "event": {
    "timezone": "-07:00"
  }
}

However I am unable to use that timezone information directly in the date filter when parsing the date.

Desired Outcome

The date filter documentation states:

This field can be dynamic and include parts of the event using the %{field} syntax

However, the date filter requires a Joda-formatted timezone, so the following fails:

date {
    match => [ "[@metadata][_timestamp]", "MMM dd, yyyy H:mm:ss a" ]
    timezone => "%{[event][timezone]}"
    target => "@timestamp"
}

Please allow the timezone parameter to also accept an offset format, in addition to the Joda format or add a second, mutually-exclusive parameter timezone_offset, which accomplishes the same thing.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@renzedj