logstash 默认时间少8小时的修改办法

logstash 的配置文件添加

filter {

ruby {
code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"
}
ruby {
code => "event.set('@timestamp',event.get('timestamp'))"
}
mutate {
remove_field => ["timestamp"]
}

}

 

这样output 输出的时间才是正确的，前提服务器时区已经修改了

output:

file{
path => "/data/logs/service/stdout-%{+YYYY-MM-dd-HH}.log"
codec => line {
format => "%{message}"
}
}