That certainly sounds obvious, however, I can't get it to work. The documented options for the "7.2.4. Elasticsearch destination options" does NOT include a time-zone option. My java destination is devined as: destination d_elasticsearch_1 { java( class-path("/usr/local/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar") class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination") option("index", "flare-${YEAR}.${MONTH}.${DAY}.${HOUR}") option("type", "test") option("client-mode", "node") option("resource", "/etc/elasticsearch/elasticsearch.yml") option("log-fifo-size","75000") option("time-zone","UTC") option("cluster", "uvic-cluster-01") option("message-template", "$MESSAGE") option("flush-limit", "50") ); }; But my index uses the hour from the local timezone, not the UTC time zone. Is the order of the options important? Does the elasticsearch destination fail apply the time zone to the index? This is beginning to look like a bug. Evan. On 09/28/2015 10:04 PM, Fabien Wernli wrote:
Hi Evan,
Just use the `time-zone` option in the `java` block.
Cheers
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Evan Rempel erempel@uvic.ca Senior Systems Administrator 250.721.7691 Data Centre Services, University Systems, University of Victoria