Convert timestamp timezone in Logstash for output index name

Question

In my scenario, the \"timestamp\" of the syslog lines Logstash receives is in UTC and we use the event \"timestamp\" in the Elasticsearch output:

output {
           


        

Answer 1

In logstash version 5.0 and later, you can use this:

filter{
ruby {
        code => "event.set('index_day', event.get('[@timestamp]').time.localtime.strftime('%Y%m%d'))"
    }
}