Send TZ in timestamps to logstash #9140
Conversation
Logstash by itself takes care of conversion of timestamps to UTC, with how it was logstash was showing wrong time for the events.
|
I wasn't sending any TZ info, so which conversion was being done?! |
|
It was being sent as UTC, without any timezone info. Seeing as I'm CEST events that just happened logstash (kibana) was showing as having happened as an hour ago, as on input it assumes (I think..) that dates are sent in local time. |
|
|
|
In that case probably a modification to example logstash config should be done, applying filter from http://logstash.net/docs/1.2.2/filters/date#timezone I guess something like: |
|
I'm changing the code to include the timezone in the timestamp. In [9]: class UTC(datetime.tzinfo):
def utcoffset(self, dt):
return datetime.timedelta(0)
def dst(self, dt):
return datetime.timedelta(0)
In [10]: print datetime.datetime.now(UTC())
2013-12-10 15:55:38.301780+00:00
In [11]: print datetime.datetime.utcnow()
2013-12-10 15:55:43.008449 |
|
Would this fix it? |
|
Or the filter would still be required? |
|
If you could show me how to change the code to try that I'll get back to you with the result. |
|
I'll get that to you in about 30 mins or so... |
|
I wonder if that matters - /etc/localtime points at local time zone, not UTC. |
|
It most likely is a case of PEBKAC but I still wasn't able to adjust the date displayed with filter. https://gist.github.com/viq/7893190 is what I'm trying. |
|
You're feeding logstash from salt? or from syslog? |
|
Both. But salt logs go directly from salt via a zeromq socket as described at http://docs.saltstack.com/ref/configuration/logging/handlers/salt.log.handlers.logstash_mod.html |
|
Sorry, will have to get back to it tomorrow. |
diff --git a/salt/log/handlers/logstash_mod.py b/salt/log/handlers/logstash_mod.py
index 3781a74..e41a767 100644
--- a/salt/log/handlers/logstash_mod.py
+++ b/salt/log/handlers/logstash_mod.py
@@ -116,13 +116,20 @@ import json
import socket
import logging
import logging.handlers
-from datetime import datetime
+import datetime
# Import salt libs
from salt._compat import string_types
from salt.log.setup import LOG_LEVELS
from salt.log.mixins import NewStyleClassMixIn
+# Import 3rd-party libs
+try:
+ from pytz import utc as _UTC
+ HAS_PYTZ = True
+except ImportError:
+ HAS_PYTZ = False
+
log = logging.getLogger(__name__)
# Define the module's virtual name
@@ -214,7 +221,10 @@ class LogstashFormatter(logging.Formatter, NewStyleClassMixIn):
super(LogstashFormatter, self).__init__(fmt=None, datefmt=None)
def formatTime(self, record, datefmt=None):
- return datetime.utcfromtimestamp(record.created).isoformat()
+ timestamp = datetime.datetime.utcfromtimestamp(record.created)
+ if HAS_PYTZ:
+ return _UTC.localize(timestamp).isoformat()
+ return '{0}+00:00'.format(timestamp.isoformat())
def format(self, record):
host = socket.getfqdn()
That's the patch to test, if you can... |
|
Updated for readability. |
|
With this change and no date filter the messages are showing up with proper time. |
|
Want to update this PR with the fix? Or want me to? Pedro Algarvio @ Phone ----- Reply message ----- — |
|
Still learning the ropes with git, I'll try to, but if you beat me to it feel free :) |
This reverts commit 4628065.
|
Uhm, I think I've done it. |
|
Yep! You have!!!! |
Send TZ in timestamps to logstash
|
Thank you for the contribution! |
|
I just spotted it, you did all the hard work ;) Thank you :) |
|
Nah! The hard part is finding out why it's failing 😄 |
|
Hey, @s0undt3ch This pull req is causing this issue now: #9180 |
Logstash by itself takes care of conversion of timestamps to UTC, with how it was logstash was showing wrong time for the events.