Add to logstash filter config:
With ISO_8601 log timestamp (etc laravel log):
match => { "message" => "\[%{TIMESTAMP_ISO8601:timelog}\.........]
date {
match => ["timelog", "ISO8601", "yyyy-MM-dd HH:mm:ss" ]
target => "@timestamp"
locale => "en"
timezone => "Asia/Ho_Chi_Minh"
remove_field => "timelog" }
With HTTP_DATE log timestamp (etc nginx log request):
date {
match => ["timelog", "dd/MMM/YYYY:HH:mm:ss Z"]
target => "@timestamp"
remove_field => "timelog" }
Z is timezone, no need to add timezone to logstash config.
