Trigger condition time: the timezone is also wrong, needs fixing #3

Open
weihc02 opened this issue Feb 28, 2019 · 11 comments

Comments

@weihc02

weihc02 commented Feb 28, 2019

The trigger condition time has the wrong timezone as well and needs fixing. Is it taken from the system time?

@Hello-Linux
Owner

@weihc02 Is the timezone wrong when you deploy with the Docker image?

@weihc02
Author

weihc02 commented Feb 28, 2019

The timezone is correct; it uses the host's timezone, and @timestamp is also Shanghai time.
Something like:
image

@Hello-Linux
Owner

The alpine image isn't using UTC+8; I'll update the Dockerfile shortly.

@weihc02
Author

weihc02 commented Feb 28, 2019

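Mounting the local time into the container should, in principle, also solve the timezone problem; the container time is already correct.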
/opt/elastalert # date
Thu Feb 28 13:34:20 CST 2019

The timezone of @timestamp in the alert is still wrong.

@Hello-Linux
Owner

Is @timestamp off from your time by 8 hours?

@weihc02
Author

weihc02 commented Feb 28, 2019

Yes.

@Hello-Linux
Owner

@weihc02 This is because your Elasticsearch handles time in UTC. You need to add a filter, or change your timestamp to Beijing time at the log input, that is, UTC time +8 hours.

@weihc02
Author

weihc02 commented Feb 28, 2019

Where does the filter go, on ES?

@weihc02
Author

weihc02 commented Feb 28, 2019

Right now it is filebeat-->es

@Hello-Linux
Owner

@weihc02 You're not using Logstash? It goes straight from Filebeat to ES?

@Hello-Linux
Owner

@weihc02 For Logstash, add a filter date plugin:
date {
  match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss +0800"]
  target => "@timestamp"
  locale => "en"
  timezone => "UTC"
}
As for Filebeat, I don't know yet; I'll go take a look shortly. You can refer to the official documentation.
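
An added example (not part of the thread and not the project's code) of the 8-hour gap discussed above: it parses one constructed log time two ways, honoring the `+0800` offset versus treating the wall-clock digits as UTC, and shows what each would store in `@timestamp` and what a viewer set to UTC+8 would display. The sample value, the function names and the fixed UTC+8 zone are assumptions for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: China Standard Time modeled as a fixed UTC+8 offset (no DST).
CST = timezone(timedelta(hours=8), "CST")

# Constructed sample: the container clock reading from the thread, written in
# the log-line layout that the date filter's match pattern expects.
SAMPLE = "28/Feb/2019:13:34:20 +0800"


def parse_honoring_offset(raw: str) -> datetime:
    """Treat +0800 as a real UTC offset; the result is the true instant in UTC."""
    return datetime.strptime(raw, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)


def parse_wall_clock_as_utc(raw: str) -> datetime:
    """Treat +0800 as literal text and label the wall-clock digits as UTC."""
    naive = datetime.strptime(raw, "%d/%b/%Y:%H:%M:%S +0800")
    return naive.replace(tzinfo=timezone.utc)


def es_timestamp(ts: datetime) -> str:
    """Render an instant the way @timestamp is stored: UTC with a Z suffix."""
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def shown_in_cst(ts: datetime) -> str:
    """What a timezone-aware viewer set to UTC+8 displays for this instant."""
    return ts.astimezone(CST).strftime("%Y-%m-%d %H:%M:%S %Z")


def skew_hours(a: datetime, b: datetime) -> float:
    """Signed difference a - b in hours."""
    return (a - b).total_seconds() / 3600


if __name__ == "__main__":
    true_utc = parse_honoring_offset(SAMPLE)
    shifted = parse_wall_clock_as_utc(SAMPLE)
    for label, ts in (("offset honored", true_utc), ("wall clock as UTC", shifted)):
        print(f"{label:18} @timestamp={es_timestamp(ts)}  viewer={shown_in_cst(ts)}")
    print("difference between the two instants:", skew_hours(shifted, true_utc), "hours")
```

When correlating alerts with other log sources, note which of the two interpretations each pipeline applies, since the stored instants differ by the full UTC offset.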
