diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index e20aa14bbc28..f0d9d7be307e 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -106,6 +106,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix goroutine leak caused on initialization failures of log input. {pull}12125[12125] - Fix goroutine leak on non-explicit finalization of log input. {pull}12164[12164] - Skipping unparsable log entries from docker json reader {pull}12268[12268] +- Parse timezone in PostgreSQL logs as part of the timestamp {pull}12338[12338] - Require client_auth by default when ssl is enabled for tcp input {pull}12333[12333] *Heartbeat* @@ -247,6 +248,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Filebeat* - `docker` input is deprecated in favour `container`. {pull}12162[12162] +- `postgresql.log.timestamp` field is deprecated in favour of `@timestamp`. {pull}12338[12338] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 59c85497db56..4bb25f23574b 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -12149,6 +12149,9 @@ Fields from the PostgreSQL log files. *`postgresql.log.timestamp`*:: + -- + +deprecated[7.3.0] + The timestamp from the log line. diff --git a/filebeat/module/postgresql/fields.go b/filebeat/module/postgresql/fields.go index 80b55bcb5c2a..9d799833aa64 100644 --- a/filebeat/module/postgresql/fields.go +++ b/filebeat/module/postgresql/fields.go @@ -32,5 +32,5 @@ func init() { // AssetPostgresql returns asset data. // This is the base64 encoded gzipped contents of module/postgresql. func AssetPostgresql() string { - return "eJyck0FP3DAQhe/5FU97rER+QCr1guAEbSnckdlMHKu2x3gc1O2vr7xhtcGbRKRztPXe9/ImvsJvOjQILElHkldbAckkSw12P8fDx4e7XQW0JPtoQjLsG3yrAOCe28ESOo4IKorxGqknnHWwrNEZS1JXgPQc0/OefWd0gxQHqoDOkG2lOfpdwStHRZo86RCogY48hPeTmTTj3B790EV2RZBjhjxT5BRrWU+MLpmr3I/ktRpOU8aYRknGkSTlwofbVXyep57O0nOSjLfGUz3L2nOkZ9MWZuPnW/Z6W4RrjoTC7URqVVIvSqgQ0R/lwvGPc4f2ZbfCu6B9V47A3bzzCfs6UDwsMh9v7m6un/AFt79+3GMQivJ1U4aHbA9JKpEjn84lL272L/uyg7FuZY2S4iao1Degt2y9IHZGRzUu5P1VzXD7SKpd2vMyOETek0gdLpSfoeY6NwKzpM7q/8BZeiO7kWdZ13O6z/AciSi9dZfzqpL3LwAA//+FnHBP" + return "eJyck0Fr3DAQhe/+FY89FmIKPRRc6CUkp6RtmtyDYo9lUUmjaOTQ7a8vWmfZjdZe4sxRw3vf4419gT+0bRBYko4kz7YCkkmWGmx+TY/3dzebCuhI2mhCMuwbfK8A4Ja70RJ6jggqivEaaSAcdLCs0RtLUleADBzTY8u+N7pBiiNVQG/IdtLs/C7glaMiTZ60DdRARx7D68tMmmmud37oI7siyC5DnmPkMdayPjI6ZZ7lviWfq2E/ZYzjKMk4kqRceLPN+BCpVYm6Bl/rL/Xnk/1ivDwPAx2sD0lzPGs81bNZWo70aLrCbKrHstfrIlxyJBRue1KnknpSQoWI/ioXdl+k23ZPmzO8E9oP5Qjczzvvsc8jxe0i8/7q5uryAZ9w/fvnLUahKN9WZbjL9pCkEjny6VDy4uX/sS87mOpW1igpNkGloQG9ZOsFsTM6qukgr3/dDHeIpLqlOy+DQ+SWROpwonwPNde5EpgldVZ/AGfphexKnmVdz+new3MkovTaW86rSt7/AAAA//+nmXd6" } diff --git a/filebeat/module/postgresql/log/_meta/fields.yml b/filebeat/module/postgresql/log/_meta/fields.yml index d7ee240dcfb3..dd2ce0b6465d 100644 --- a/filebeat/module/postgresql/log/_meta/fields.yml +++ b/filebeat/module/postgresql/log/_meta/fields.yml @@ -4,6 +4,7 @@ Fields from the PostgreSQL log files. fields: - name: timestamp + deprecated: 7.3.0 description: > The timestamp from the log line. - name: core_id diff --git a/filebeat/module/postgresql/log/ingest/pipeline.json b/filebeat/module/postgresql/log/ingest/pipeline.json index 5101d751a98c..c0d83f38065b 100644 --- a/filebeat/module/postgresql/log/ingest/pipeline.json +++ b/filebeat/module/postgresql/log/ingest/pipeline.json @@ -6,10 +6,10 @@ "field": "message", "ignore_missing": true, "patterns": [ - "^%{LOCALDATETIME:postgresql.log.timestamp} %{WORD:event.timezone} \\[%{NUMBER:process.pid:long}(-%{BASE16FLOAT:postgresql.log.core_id:long})?\\] ((\\[%{USERNAME:user.name}\\]@\\[%{POSTGRESQL_DB_NAME:postgresql.log.database}\\]|%{USERNAME:user.name}@%{POSTGRESQL_DB_NAME:postgresql.log.database}) )?%{WORD:log.level}: (duration: %{NUMBER:temp.duration:float} ms statement: %{GREEDYDATA:postgresql.log.query}|%{GREEDYDATA:message})" + "^%{DATETIME:postgresql.log.timestamp} \\[%{NUMBER:process.pid:long}(-%{BASE16FLOAT:postgresql.log.core_id:long})?\\] ((\\[%{USERNAME:user.name}\\]@\\[%{POSTGRESQL_DB_NAME:postgresql.log.database}\\]|%{USERNAME:user.name}@%{POSTGRESQL_DB_NAME:postgresql.log.database}) )?%{WORD:log.level}: (duration: %{NUMBER:temp.duration:float} ms statement: %{GREEDYDATA:postgresql.log.query}|%{GREEDYDATA:message})" ], "pattern_definitions": { - "LOCALDATETIME": "[-0-9]+ %{TIME}", + "DATETIME": "[-0-9]+ %{TIME} %{WORD:event.timezone}", "GREEDYDATA": "(.|\n|\t)*", "POSTGRESQL_DB_NAME": "[a-zA-Z0-9_]+[a-zA-Z0-9_\\$]*" } @@ -20,9 +20,8 @@ "field": "postgresql.log.timestamp", "target_field": "@timestamp", "formats": [ - "yyyy-MM-dd HH:mm:ss.SSS", "yyyy-MM-dd HH:mm:ss" - ], - "ignore_failure": true + "yyyy-MM-dd HH:mm:ss.SSS zz", "yyyy-MM-dd HH:mm:ss zz" + ] } }, { "script": { diff --git a/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json index 126b93ca0de2..229a2c09279e 100644 --- a/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2017-07-31T13:36:42.585Z", + "@timestamp": "2017-07-31T11:36:42.585Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -10,12 +10,12 @@ "log.level": "LOG", "log.offset": 0, "message": "database system was shut down at 2017-06-17 16:58:04 CEST", - "postgresql.log.timestamp": "2017-07-31 13:36:42.585", + "postgresql.log.timestamp": "2017-07-31 13:36:42.585 CEST", "process.pid": 4974, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:36:42.605Z", + "@timestamp": "2017-07-31T11:36:42.605Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -25,12 +25,12 @@ "log.level": "LOG", "log.offset": 100, "message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.timestamp": "2017-07-31 13:36:42.605", + "postgresql.log.timestamp": "2017-07-31 13:36:42.605 CEST", "process.pid": 4974, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:36:42.615Z", + "@timestamp": "2017-07-31T11:36:42.615Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -40,12 +40,12 @@ "log.level": "LOG", "log.offset": 198, "message": "autovacuum launcher started", - "postgresql.log.timestamp": "2017-07-31 13:36:42.615", + "postgresql.log.timestamp": "2017-07-31 13:36:42.615 CEST", "process.pid": 4978, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:36:42.616Z", + "@timestamp": "2017-07-31T11:36:42.616Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -55,12 +55,12 @@ "log.level": "LOG", "log.offset": 268, "message": "database system is ready to accept connections", - "postgresql.log.timestamp": "2017-07-31 13:36:42.616", + "postgresql.log.timestamp": "2017-07-31 13:36:42.616 CEST", "process.pid": 4973, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:36:42.956Z", + "@timestamp": "2017-07-31T11:36:42.956Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -71,13 +71,13 @@ "log.offset": 357, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-07-31 13:36:42.956", + "postgresql.log.timestamp": "2017-07-31 13:36:42.956 CEST", "process.pid": 4980, "service.type": "postgresql", "user.name": "unknown" }, { - "@timestamp": "2017-07-31T13:36:43.557Z", + "@timestamp": "2017-07-31T11:36:43.557Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 37118000, @@ -93,13 +93,13 @@ "message": "2017-07-31 13:36:43.557 CEST [4983] postgres@postgres LOG: duration: 37.118 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", "postgresql.log.database": "postgres", "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "postgresql.log.timestamp": "2017-07-31 13:36:43.557", + "postgresql.log.timestamp": "2017-07-31 13:36:43.557 CEST", "process.pid": 4983, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:36:44.104Z", + "@timestamp": "2017-07-31T11:36:44.104Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 2895000, @@ -115,13 +115,13 @@ "message": "2017-07-31 13:36:44.104 CEST [4986] postgres@postgres LOG: duration: 2.895 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", "postgresql.log.database": "postgres", "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "postgresql.log.timestamp": "2017-07-31 13:36:44.104", + "postgresql.log.timestamp": "2017-07-31 13:36:44.104 CEST", "process.pid": 4986, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:36:44.642Z", + "@timestamp": "2017-07-31T11:36:44.642Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 2809000, @@ -137,13 +137,13 @@ "message": "2017-07-31 13:36:44.642 CEST [4989] postgres@postgres LOG: duration: 2.809 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", "postgresql.log.database": "postgres", "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "postgresql.log.timestamp": "2017-07-31 13:36:44.642", + "postgresql.log.timestamp": "2017-07-31 13:36:44.642 CEST", "process.pid": 4989, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:39:16.249Z", + "@timestamp": "2017-07-31T11:39:16.249Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -154,13 +154,13 @@ "log.offset": 1727, "message": "database \"users\" does not exist", "postgresql.log.database": "users", - "postgresql.log.timestamp": "2017-07-31 13:39:16.249", + "postgresql.log.timestamp": "2017-07-31 13:39:16.249 CEST", "process.pid": 5407, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:39:17.945Z", + "@timestamp": "2017-07-31T11:39:17.945Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -171,13 +171,13 @@ "log.offset": 1818, "message": "database \"user\" does not exist", "postgresql.log.database": "user", - "postgresql.log.timestamp": "2017-07-31 13:39:17.945", + "postgresql.log.timestamp": "2017-07-31 13:39:17.945 CEST", "process.pid": 5500, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:39:21.025Z", + "@timestamp": "2017-07-31T11:39:21.025Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 37598000, @@ -193,13 +193,13 @@ "message": "2017-07-31 13:39:21.025 CEST [5404] postgres@postgres LOG: duration: 37.598 ms statement: SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", "postgresql.log.database": "postgres", "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "postgresql.log.timestamp": "2017-07-31 13:39:21.025", + "postgresql.log.timestamp": "2017-07-31 13:39:21.025 CEST", "process.pid": 5404, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:39:31.619Z", + "@timestamp": "2017-07-31T11:39:31.619Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 9482000, @@ -212,13 +212,13 @@ "message": "2017-07-31 13:39:31.619 CEST [5502] postgres@clients LOG: duration: 9.482 ms statement: select * from clients;", "postgresql.log.database": "clients", "postgresql.log.query": "select * from clients;", - "postgresql.log.timestamp": "2017-07-31 13:39:31.619", + "postgresql.log.timestamp": "2017-07-31 13:39:31.619 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:39:40.147Z", + "@timestamp": "2017-07-31T11:39:40.147Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 765000, @@ -231,13 +231,13 @@ "message": "2017-07-31 13:39:40.147 CEST [5502] postgres@clients LOG: duration: 0.765 ms statement: select id from clients;", "postgresql.log.database": "clients", "postgresql.log.query": "select id from clients;", - "postgresql.log.timestamp": "2017-07-31 13:39:40.147", + "postgresql.log.timestamp": "2017-07-31 13:39:40.147 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:40:54.310Z", + "@timestamp": "2017-07-31T11:40:54.310Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 26082001, @@ -253,13 +253,13 @@ "message": "2017-07-31 13:40:54.310 CEST [5502] postgres@clients LOG: duration: 26.082 ms statement: SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", "postgresql.log.database": "clients", "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "postgresql.log.timestamp": "2017-07-31 13:40:54.310", + "postgresql.log.timestamp": "2017-07-31 13:40:54.310 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:43:22.645Z", + "@timestamp": "2017-07-31T11:43:22.645Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 36161999, @@ -272,13 +272,13 @@ "message": "2017-07-31 13:43:22.645 CEST [5502] postgres@clients LOG: duration: 36.162 ms statement: create table cats(name varchar(50) primary key, toy varchar (50) not null, born timestamp not null);", "postgresql.log.database": "clients", "postgresql.log.query": "create table cats(name varchar(50) primary key, toy varchar (50) not null, born timestamp not null);", - "postgresql.log.timestamp": "2017-07-31 13:43:22.645", + "postgresql.log.timestamp": "2017-07-31 13:43:22.645 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:46:02.670Z", + "@timestamp": "2017-07-31T11:46:02.670Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 10540000, @@ -291,13 +291,13 @@ "message": "2017-07-31 13:46:02.670 CEST [5502] postgres@c$lients LOG: duration: 10.540 ms statement: insert into cats(name, toy, born) values('kate', 'ball', now());", "postgresql.log.database": "c$lients", "postgresql.log.query": "insert into cats(name, toy, born) values('kate', 'ball', now());", - "postgresql.log.timestamp": "2017-07-31 13:46:02.670", + "postgresql.log.timestamp": "2017-07-31 13:46:02.670 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:46:23.016Z", + "@timestamp": "2017-07-31T11:46:23.016Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 5156000, @@ -310,13 +310,13 @@ "message": "2017-07-31 13:46:23.016 CEST [5502] postgres@_clients$db LOG: duration: 5.156 ms statement: insert into cats(name, toy, born) values('frida', 'horse', now());", "postgresql.log.database": "_clients$db", "postgresql.log.query": "insert into cats(name, toy, born) values('frida', 'horse', now());", - "postgresql.log.timestamp": "2017-07-31 13:46:23.016", + "postgresql.log.timestamp": "2017-07-31 13:46:23.016 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:46:55.637Z", + "@timestamp": "2017-07-31T11:46:55.637Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 25871000, @@ -329,7 +329,7 @@ "message": "2017-07-31 13:46:55.637 CEST [5502] postgres@clients_db LOG: duration: 25.871 ms statement: create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null);", "postgresql.log.database": "clients_db", "postgresql.log.query": "create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null);", - "postgresql.log.timestamp": "2017-07-31 13:46:55.637", + "postgresql.log.timestamp": "2017-07-31 13:46:55.637 CEST", "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" diff --git a/filebeat/module/postgresql/log/test/postgresql-9.6-multi-core.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-9.6-multi-core.log-expected.json index d759db48e142..d1bf43966d0c 100644 --- a/filebeat/module/postgresql/log/test/postgresql-9.6-multi-core.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-9.6-multi-core.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2017-04-03T22:32:14.322Z", + "@timestamp": "2017-04-03T20:32:14.322Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -12,13 +12,13 @@ "message": "incomplete startup packet", "postgresql.log.core_id": 1, "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-04-03 22:32:14.322", + "postgresql.log.timestamp": "2017-04-03 22:32:14.322 CEST", "process.pid": 12975, "service.type": "postgresql", "user.name": "unknown" }, { - "@timestamp": "2017-04-03T22:32:14.322Z", + "@timestamp": "2017-04-03T20:32:14.322Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -30,13 +30,13 @@ "message": "database \"user\" does not exist", "postgresql.log.core_id": 1, "postgresql.log.database": "user", - "postgresql.log.timestamp": "2017-04-03 22:32:14.322", + "postgresql.log.timestamp": "2017-04-03 22:32:14.322 CEST", "process.pid": 5404, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-03T22:35:22.389Z", + "@timestamp": "2017-04-03T20:35:22.389Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.duration": 37598000, @@ -53,13 +53,13 @@ "postgresql.log.core_id": 2, "postgresql.log.database": "postgres", "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "postgresql.log.timestamp": "2017-04-03 22:35:22.389", + "postgresql.log.timestamp": "2017-04-03 22:35:22.389 CEST", "process.pid": 5404, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:36:43.557Z", + "@timestamp": "2017-07-31T17:36:43.557Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -70,12 +70,12 @@ "log.offset": 897, "message": "autovacuum launcher started", "postgresql.log.core_id": 1, - "postgresql.log.timestamp": "2017-07-31 13:36:43.557", + "postgresql.log.timestamp": "2017-07-31 13:36:43.557 EST", "process.pid": 835, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:36:44.227Z", + "@timestamp": "2017-07-31T17:36:44.227Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -86,12 +86,12 @@ "log.offset": 967, "message": "checkpoints are occurring too frequently (25 seconds apart)", "postgresql.log.core_id": 1, - "postgresql.log.timestamp": "2017-07-31 13:36:44.227", + "postgresql.log.timestamp": "2017-07-31 13:36:44.227 EST", "process.pid": 832, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:46:02.670Z", + "@timestamp": "2017-07-31T17:46:02.670Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -102,12 +102,12 @@ "log.offset": 1069, "message": "Consider increasing the configuration parameter \"max_wal_size\".", "postgresql.log.core_id": 2, - "postgresql.log.timestamp": "2017-07-31 13:46:02.670", + "postgresql.log.timestamp": "2017-07-31 13:46:02.670 EST", "process.pid": 832, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:46:23.016Z", + "@timestamp": "2017-07-31T17:46:23.016Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -119,13 +119,13 @@ "message": "the database system is starting up", "postgresql.log.core_id": 1, "postgresql.log.database": "postgres", - "postgresql.log.timestamp": "2017-07-31 13:46:23.016", + "postgresql.log.timestamp": "2017-07-31 13:46:23.016 EST", "process.pid": 768, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:46:55.637Z", + "@timestamp": "2017-07-31T17:46:55.637Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -137,7 +137,7 @@ "message": "the database system is starting up", "postgresql.log.core_id": 1, "postgresql.log.database": "postgres", - "postgresql.log.timestamp": "2017-07-31 13:46:55.637", + "postgresql.log.timestamp": "2017-07-31 13:46:55.637 EST", "process.pid": 771, "service.type": "postgresql", "user.name": "postgres" diff --git a/filebeat/module/postgresql/log/test/postgresql-9.6-new-timestamp.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-9.6-new-timestamp.log-expected.json index 25e2cdee6315..fc0f951d21cc 100644 --- a/filebeat/module/postgresql/log/test/postgresql-9.6-new-timestamp.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-9.6-new-timestamp.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2017-07-31T13:36:43.000Z", + "@timestamp": "2017-07-31T17:36:43.000Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -11,12 +11,12 @@ "log.offset": 0, "message": "autovacuum launcher started", "postgresql.log.core_id": 1, - "postgresql.log.timestamp": "2017-07-31 13:36:43", + "postgresql.log.timestamp": "2017-07-31 13:36:43 EST", "process.pid": 835, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:36:44.000Z", + "@timestamp": "2017-07-31T17:36:44.000Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -27,12 +27,12 @@ "log.offset": 66, "message": "checkpoints are occurring too frequently (25 seconds apart)", "postgresql.log.core_id": 1, - "postgresql.log.timestamp": "2017-07-31 13:36:44", + "postgresql.log.timestamp": "2017-07-31 13:36:44 EST", "process.pid": 832, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:46:02.000Z", + "@timestamp": "2017-07-31T17:46:02.000Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -43,12 +43,12 @@ "log.offset": 164, "message": "Consider increasing the configuration parameter \"max_wal_size\".", "postgresql.log.core_id": 2, - "postgresql.log.timestamp": "2017-07-31 13:46:02", + "postgresql.log.timestamp": "2017-07-31 13:46:02 EST", "process.pid": 832, "service.type": "postgresql" }, { - "@timestamp": "2017-07-31T13:46:23.000Z", + "@timestamp": "2017-07-31T17:46:23.000Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -60,13 +60,13 @@ "message": "the database system is starting up", "postgresql.log.core_id": 1, "postgresql.log.database": "postgres", - "postgresql.log.timestamp": "2017-07-31 13:46:23", + "postgresql.log.timestamp": "2017-07-31 13:46:23 EST", "process.pid": 768, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-07-31T13:46:55.000Z", + "@timestamp": "2017-07-31T17:46:55.000Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -78,7 +78,7 @@ "message": "the database system is starting up", "postgresql.log.core_id": 1, "postgresql.log.database": "postgres", - "postgresql.log.timestamp": "2017-07-31 13:46:55", + "postgresql.log.timestamp": "2017-07-31 13:46:55 EST", "process.pid": 771, "service.type": "postgresql", "user.name": "postgres" diff --git a/filebeat/module/postgresql/log/test/postgresql-ubuntu-9.5.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-ubuntu-9.5.log-expected.json index e960a49642a1..82c92a0b882a 100644 --- a/filebeat/module/postgresql/log/test/postgresql-ubuntu-9.5.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-ubuntu-9.5.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2017-04-03T22:32:14.322Z", + "@timestamp": "2017-04-03T20:32:14.322Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -11,13 +11,13 @@ "log.offset": 0, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-03 22:32:14.322", + "postgresql.log.timestamp": "2017-04-03 22:32:14.322 CEST", "process.pid": 31225, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-03T22:32:14.322Z", + "@timestamp": "2017-04-03T20:32:14.322Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -28,13 +28,13 @@ "log.offset": 118, "message": "unexpected EOF on client connection with an open transaction", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-03 22:32:14.322", + "postgresql.log.timestamp": "2017-04-03 22:32:14.322 CEST", "process.pid": 31225, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-03T22:35:22.389Z", + "@timestamp": "2017-04-03T20:35:22.389Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -45,13 +45,13 @@ "log.offset": 236, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-03 22:35:22.389", + "postgresql.log.timestamp": "2017-04-03 22:35:22.389 CEST", "process.pid": 3474, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-03T22:36:56.464Z", + "@timestamp": "2017-04-03T20:36:56.464Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -62,13 +62,13 @@ "log.offset": 353, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-03 22:36:56.464", + "postgresql.log.timestamp": "2017-04-03 22:36:56.464 CEST", "process.pid": 3525, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-03T22:37:12.961Z", + "@timestamp": "2017-04-03T20:37:12.961Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -79,13 +79,13 @@ "log.offset": 470, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-03 22:37:12.961", + "postgresql.log.timestamp": "2017-04-03 22:37:12.961 CEST", "process.pid": 3570, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T21:05:28.549Z", + "@timestamp": "2017-04-07T19:05:28.549Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -96,13 +96,13 @@ "log.offset": 587, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 21:05:28.549", + "postgresql.log.timestamp": "2017-04-07 21:05:28.549 CEST", "process.pid": 21483, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T21:09:41.345Z", + "@timestamp": "2017-04-07T19:09:41.345Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -113,13 +113,13 @@ "log.offset": 705, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 21:09:41.345", + "postgresql.log.timestamp": "2017-04-07 21:09:41.345 CEST", "process.pid": 21597, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T22:45:30.218Z", + "@timestamp": "2017-04-07T20:45:30.218Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -130,13 +130,13 @@ "log.offset": 823, "message": "operator does not exist: jsonb @> at character 49", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 22:45:30.218", + "postgresql.log.timestamp": "2017-04-07 22:45:30.218 CEST", "process.pid": 22603, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T22:45:30.218Z", + "@timestamp": "2017-04-07T20:45:30.218Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -147,13 +147,13 @@ "log.offset": 932, "message": "No operator matches the given name and argument type(s). You might need to add explicit type casts.", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 22:45:30.218", + "postgresql.log.timestamp": "2017-04-07 22:45:30.218 CEST", "process.pid": 22603, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T22:45:30.218Z", + "@timestamp": "2017-04-07T20:45:30.218Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -164,13 +164,13 @@ "log.offset": 1090, "message": "SELECT id, user FROM users WHERE NOT user @> %s", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 22:45:30.218", + "postgresql.log.timestamp": "2017-04-07 22:45:30.218 CEST", "process.pid": 22603, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T22:46:09.751Z", + "@timestamp": "2017-04-07T20:46:09.751Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -181,13 +181,13 @@ "log.offset": 1201, "message": "column \"%s\" does not exist at character 52", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 22:46:09.751", + "postgresql.log.timestamp": "2017-04-07 22:46:09.751 CEST", "process.pid": 22608, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T22:46:09.751Z", + "@timestamp": "2017-04-07T20:46:09.751Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -198,13 +198,13 @@ "log.offset": 1303, "message": "SELECT id, user FROM users WHERE NOT user @> \"%s\"", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 22:46:09.751", + "postgresql.log.timestamp": "2017-04-07 22:46:09.751 CEST", "process.pid": 22608, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:02:51.199Z", + "@timestamp": "2017-04-07T21:02:51.199Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -215,13 +215,13 @@ "log.offset": 1416, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:02:51.199", + "postgresql.log.timestamp": "2017-04-07 23:02:51.199 CEST", "process.pid": 24341, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:02:51.199Z", + "@timestamp": "2017-04-07T21:02:51.199Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -232,13 +232,13 @@ "log.offset": 1534, "message": "unexpected EOF on client connection with an open transaction", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:02:51.199", + "postgresql.log.timestamp": "2017-04-07 23:02:51.199 CEST", "process.pid": 24341, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:04:36.087Z", + "@timestamp": "2017-04-07T21:04:36.087Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -249,13 +249,13 @@ "log.offset": 1652, "message": "syntax error at or near \"{\" at character 49", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:04:36.087", + "postgresql.log.timestamp": "2017-04-07 23:04:36.087 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:04:36.087Z", + "@timestamp": "2017-04-07T21:04:36.087Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -266,13 +266,13 @@ "log.offset": 1755, "message": "INSERT INTO users (id, user) VALUES (1, {\"attr\": \"yes\"});", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:04:36.087", + "postgresql.log.timestamp": "2017-04-07 23:04:36.087 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:04:51.462Z", + "@timestamp": "2017-04-07T21:04:51.462Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -283,13 +283,13 @@ "log.offset": 1876, "message": "syntax error at or near \"{\" at character 49", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:04:51.462", + "postgresql.log.timestamp": "2017-04-07 23:04:51.462 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:04:51.462Z", + "@timestamp": "2017-04-07T21:04:51.462Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -300,13 +300,13 @@ "log.offset": 1979, "message": "INSERT INTO users (id, user) VALUES (1, {attr: \"yes\"});", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:04:51.462", + "postgresql.log.timestamp": "2017-04-07 23:04:51.462 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:05:06.217Z", + "@timestamp": "2017-04-07T21:05:06.217Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -317,13 +317,13 @@ "log.offset": 2098, "message": "column \"a\" does not exist at character 42", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:05:06.217", + "postgresql.log.timestamp": "2017-04-07 23:05:06.217 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:05:06.217Z", + "@timestamp": "2017-04-07T21:05:06.217Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -334,13 +334,13 @@ "log.offset": 2199, "message": "INSERT INTO users (id, user) VALUES (1, '{\"attr\": \"yes\"}');", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:05:06.217", + "postgresql.log.timestamp": "2017-04-07 23:05:06.217 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:05:18.295Z", + "@timestamp": "2017-04-07T21:05:18.295Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -351,13 +351,13 @@ "log.offset": 2322, "message": "column \"attr\" does not exist at character 42", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:05:18.295", + "postgresql.log.timestamp": "2017-04-07 23:05:18.295 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:05:18.295Z", + "@timestamp": "2017-04-07T21:05:18.295Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -368,13 +368,13 @@ "log.offset": 2426, "message": "INSERT INTO users (id, user) VALUES (\"1\", '{\"attr\": \"no\"}');", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:05:18.295", + "postgresql.log.timestamp": "2017-04-07 23:05:18.295 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:13:47.505Z", + "@timestamp": "2017-04-07T21:13:47.505Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -385,13 +385,13 @@ "log.offset": 2550, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:13:47.505", + "postgresql.log.timestamp": "2017-04-07 23:13:47.505 CEST", "process.pid": 24489, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-07T23:13:47.505Z", + "@timestamp": "2017-04-07T21:13:47.505Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -402,13 +402,13 @@ "log.offset": 2668, "message": "unexpected EOF on client connection with an open transaction", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-07 23:13:47.505", + "postgresql.log.timestamp": "2017-04-07 23:13:47.505 CEST", "process.pid": 24489, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-08T12:32:51.056Z", + "@timestamp": "2017-04-08T10:32:51.056Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -419,13 +419,13 @@ "log.offset": 2786, "message": "duplicate key value violates unique constraint \"users_pkey\"", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-08 12:32:51.056", + "postgresql.log.timestamp": "2017-04-08 12:32:51.056 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-08T12:32:51.056Z", + "@timestamp": "2017-04-08T10:32:51.056Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -436,13 +436,13 @@ "log.offset": 2905, "message": "Key (id)=(1) already exists.", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-08 12:32:51.056", + "postgresql.log.timestamp": "2017-04-08 12:32:51.056 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-08T12:32:51.056Z", + "@timestamp": "2017-04-08T10:32:51.056Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -453,13 +453,13 @@ "log.offset": 2994, "message": "INSERT INTO users (id, user) VALUES ('1', '{\"attr\": \"yes\"}');", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-08 12:32:51.056", + "postgresql.log.timestamp": "2017-04-08 12:32:51.056 CEST", "process.pid": 20730, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-08T21:54:37.443Z", + "@timestamp": "2017-04-08T19:54:37.443Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -470,13 +470,13 @@ "log.offset": 3119, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-08 21:54:37.443", + "postgresql.log.timestamp": "2017-04-08 21:54:37.443 CEST", "process.pid": 30630, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-08T21:54:37.468Z", + "@timestamp": "2017-04-08T19:54:37.468Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -487,13 +487,13 @@ "log.offset": 3237, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-04-08 21:54:37.468", + "postgresql.log.timestamp": "2017-04-08 21:54:37.468 CEST", "process.pid": 30502, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-04-08T21:54:37.618Z", + "@timestamp": "2017-04-08T19:54:37.618Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -503,12 +503,12 @@ "log.level": "LOG", "log.offset": 3355, "message": "received fast shutdown request", - "postgresql.log.timestamp": "2017-04-08 21:54:37.618", + "postgresql.log.timestamp": "2017-04-08 21:54:37.618 CEST", "process.pid": 20769, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:54:37.618Z", + "@timestamp": "2017-04-08T19:54:37.618Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -518,12 +518,12 @@ "log.level": "LOG", "log.offset": 3429, "message": "aborting any active transactions", - "postgresql.log.timestamp": "2017-04-08 21:54:37.618", + "postgresql.log.timestamp": "2017-04-08 21:54:37.618 CEST", "process.pid": 20769, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:54:37.618Z", + "@timestamp": "2017-04-08T19:54:37.618Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -533,12 +533,12 @@ "log.level": "LOG", "log.offset": 3505, "message": "autovacuum launcher shutting down", - "postgresql.log.timestamp": "2017-04-08 21:54:37.618", + "postgresql.log.timestamp": "2017-04-08 21:54:37.618 CEST", "process.pid": 20774, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:54:37.622Z", + "@timestamp": "2017-04-08T19:54:37.622Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -548,12 +548,12 @@ "log.level": "LOG", "log.offset": 3582, "message": "shutting down", - "postgresql.log.timestamp": "2017-04-08 21:54:37.622", + "postgresql.log.timestamp": "2017-04-08 21:54:37.622 CEST", "process.pid": 20771, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:54:37.644Z", + "@timestamp": "2017-04-08T19:54:37.644Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -563,12 +563,12 @@ "log.level": "LOG", "log.offset": 3639, "message": "database system is shut down", - "postgresql.log.timestamp": "2017-04-08 21:54:37.644", + "postgresql.log.timestamp": "2017-04-08 21:54:37.644 CEST", "process.pid": 20769, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:56:02.932Z", + "@timestamp": "2017-04-08T19:56:02.932Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -578,12 +578,12 @@ "log.level": "LOG", "log.offset": 3711, "message": "database system was shut down at 2017-04-08 21:54:37 CEST", - "postgresql.log.timestamp": "2017-04-08 21:56:02.932", + "postgresql.log.timestamp": "2017-04-08 21:56:02.932 CEST", "process.pid": 797, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:56:02.944Z", + "@timestamp": "2017-04-08T19:56:02.944Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -593,12 +593,12 @@ "log.level": "LOG", "log.offset": 3810, "message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.timestamp": "2017-04-08 21:56:02.944", + "postgresql.log.timestamp": "2017-04-08 21:56:02.944 CEST", "process.pid": 797, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:56:02.946Z", + "@timestamp": "2017-04-08T19:56:02.946Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -608,12 +608,12 @@ "log.level": "LOG", "log.offset": 3907, "message": "database system is ready to accept connections", - "postgresql.log.timestamp": "2017-04-08 21:56:02.946", + "postgresql.log.timestamp": "2017-04-08 21:56:02.946 CEST", "process.pid": 780, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:56:02.947Z", + "@timestamp": "2017-04-08T19:56:02.947Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -623,12 +623,12 @@ "log.level": "LOG", "log.offset": 3995, "message": "autovacuum launcher started", - "postgresql.log.timestamp": "2017-04-08 21:56:02.947", + "postgresql.log.timestamp": "2017-04-08 21:56:02.947 CEST", "process.pid": 802, "service.type": "postgresql" }, { - "@timestamp": "2017-04-08T21:56:03.362Z", + "@timestamp": "2017-04-08T19:56:03.362Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -639,7 +639,7 @@ "log.offset": 4064, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-04-08 21:56:03.362", + "postgresql.log.timestamp": "2017-04-08 21:56:03.362 CEST", "process.pid": 891, "service.type": "postgresql", "user.name": "unknown" @@ -655,7 +655,7 @@ "log.level": "LOG", "log.offset": 4151, "message": "database system was shut down at 2017-05-27 14:07:52 UTC", - "postgresql.log.timestamp": "2017-05-27 14:07:53.007", + "postgresql.log.timestamp": "2017-05-27 14:07:53.007 UTC", "process.pid": 32567, "service.type": "postgresql" }, @@ -670,7 +670,7 @@ "log.level": "LOG", "log.offset": 4250, "message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.timestamp": "2017-05-27 14:07:53.010", + "postgresql.log.timestamp": "2017-05-27 14:07:53.010 UTC", "process.pid": 32567, "service.type": "postgresql" }, @@ -685,7 +685,7 @@ "log.level": "LOG", "log.offset": 4348, "message": "database system is ready to accept connections", - "postgresql.log.timestamp": "2017-05-27 14:07:53.015", + "postgresql.log.timestamp": "2017-05-27 14:07:53.015 UTC", "process.pid": 32566, "service.type": "postgresql" }, @@ -700,7 +700,7 @@ "log.level": "LOG", "log.offset": 4437, "message": "autovacuum launcher started", - "postgresql.log.timestamp": "2017-05-27 14:07:53.016", + "postgresql.log.timestamp": "2017-05-27 14:07:53.016 UTC", "process.pid": 32571, "service.type": "postgresql" }, @@ -716,7 +716,7 @@ "log.offset": 4507, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-05-27 14:07:53.463", + "postgresql.log.timestamp": "2017-05-27 14:07:53.463 UTC", "process.pid": 32573, "service.type": "postgresql", "user.name": "unknown" @@ -733,7 +733,7 @@ "log.offset": 4595, "message": "database \"mydb\" does not exist", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-05-27 14:08:13.661", + "postgresql.log.timestamp": "2017-05-27 14:08:13.661 UTC", "process.pid": 1308, "service.type": "postgresql", "user.name": "postgres" @@ -750,7 +750,7 @@ "log.offset": 4683, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-05-27 14:59:26.553", + "postgresql.log.timestamp": "2017-05-27 14:59:26.553 UTC", "process.pid": 1994, "service.type": "postgresql", "user.name": "postgres" @@ -767,13 +767,13 @@ "log.offset": 4799, "message": "could not receive data from client: Connection reset by peer", "postgresql.log.database": "mydb", - "postgresql.log.timestamp": "2017-05-27 14:59:26.555", + "postgresql.log.timestamp": "2017-05-27 14:59:26.555 UTC", "process.pid": 1989, "service.type": "postgresql", "user.name": "postgres" }, { - "@timestamp": "2017-06-06T07:54:13.753Z", + "@timestamp": "2017-06-06T05:54:13.753Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -783,12 +783,12 @@ "log.level": "LOG", "log.offset": 4915, "message": "received fast shutdown request", - "postgresql.log.timestamp": "2017-06-06 07:54:13.753", + "postgresql.log.timestamp": "2017-06-06 07:54:13.753 CEST", "process.pid": 9110, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:54:13.753Z", + "@timestamp": "2017-06-06T05:54:13.753Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -798,12 +798,12 @@ "log.level": "LOG", "log.offset": 4988, "message": "aborting any active transactions", - "postgresql.log.timestamp": "2017-06-06 07:54:13.753", + "postgresql.log.timestamp": "2017-06-06 07:54:13.753 CEST", "process.pid": 9110, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:54:13.753Z", + "@timestamp": "2017-06-06T05:54:13.753Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -813,12 +813,12 @@ "log.level": "LOG", "log.offset": 5063, "message": "autovacuum launcher shutting down", - "postgresql.log.timestamp": "2017-06-06 07:54:13.753", + "postgresql.log.timestamp": "2017-06-06 07:54:13.753 CEST", "process.pid": 9115, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:54:13.755Z", + "@timestamp": "2017-06-06T05:54:13.755Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -828,12 +828,12 @@ "log.level": "LOG", "log.offset": 5139, "message": "shutting down", - "postgresql.log.timestamp": "2017-06-06 07:54:13.755", + "postgresql.log.timestamp": "2017-06-06 07:54:13.755 CEST", "process.pid": 9112, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:54:13.816Z", + "@timestamp": "2017-06-06T05:54:13.816Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -843,12 +843,12 @@ "log.level": "LOG", "log.offset": 5195, "message": "database system is shut down", - "postgresql.log.timestamp": "2017-06-06 07:54:13.816", + "postgresql.log.timestamp": "2017-06-06 07:54:13.816 CEST", "process.pid": 9110, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:55:39.725Z", + "@timestamp": "2017-06-06T05:55:39.725Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -858,12 +858,12 @@ "log.level": "LOG", "log.offset": 5266, "message": "database system was shut down at 2017-06-06 07:54:13 CEST", - "postgresql.log.timestamp": "2017-06-06 07:55:39.725", + "postgresql.log.timestamp": "2017-06-06 07:55:39.725 CEST", "process.pid": 12969, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:55:39.736Z", + "@timestamp": "2017-06-06T05:55:39.736Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -873,12 +873,12 @@ "log.level": "LOG", "log.offset": 5367, "message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.timestamp": "2017-06-06 07:55:39.736", + "postgresql.log.timestamp": "2017-06-06 07:55:39.736 CEST", "process.pid": 12969, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:55:39.739Z", + "@timestamp": "2017-06-06T05:55:39.739Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -888,12 +888,12 @@ "log.level": "LOG", "log.offset": 5466, "message": "database system is ready to accept connections", - "postgresql.log.timestamp": "2017-06-06 07:55:39.739", + "postgresql.log.timestamp": "2017-06-06 07:55:39.739 CEST", "process.pid": 12968, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:55:39.739Z", + "@timestamp": "2017-06-06T05:55:39.739Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -903,12 +903,12 @@ "log.level": "LOG", "log.offset": 5556, "message": "autovacuum launcher started", - "postgresql.log.timestamp": "2017-06-06 07:55:39.739", + "postgresql.log.timestamp": "2017-06-06 07:55:39.739 CEST", "process.pid": 12973, "service.type": "postgresql" }, { - "@timestamp": "2017-06-06T07:55:40.155Z", + "@timestamp": "2017-06-06T05:55:40.155Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -919,13 +919,13 @@ "log.offset": 5627, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-06-06 07:55:40.155", + "postgresql.log.timestamp": "2017-06-06 07:55:40.155 CEST", "process.pid": 12975, "service.type": "postgresql", "user.name": "unknown" }, { - "@timestamp": "2017-06-06T07:55:40.156Z", + "@timestamp": "2017-06-06T05:55:40.156Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -936,13 +936,13 @@ "log.offset": 5716, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-06-06 07:55:40.156", + "postgresql.log.timestamp": "2017-06-06 07:55:40.156 CEST", "process.pid": 12975, "service.type": "postgresql", "user.name": "unknown" }, { - "@timestamp": "2017-06-10T19:37:30.681Z", + "@timestamp": "2017-06-10T17:37:30.681Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -952,12 +952,12 @@ "log.level": "LOG", "log.offset": 5805, "message": "database system was shut down at 2017-06-10 19:37:29 CEST", - "postgresql.log.timestamp": "2017-06-10 19:37:30.681", + "postgresql.log.timestamp": "2017-06-10 19:37:30.681 CEST", "process.pid": 17398, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T19:37:30.695Z", + "@timestamp": "2017-06-10T17:37:30.695Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -967,12 +967,12 @@ "log.level": "LOG", "log.offset": 5906, "message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.timestamp": "2017-06-10 19:37:30.695", + "postgresql.log.timestamp": "2017-06-10 19:37:30.695 CEST", "process.pid": 17398, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T19:37:30.702Z", + "@timestamp": "2017-06-10T17:37:30.702Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -982,12 +982,12 @@ "log.level": "LOG", "log.offset": 6005, "message": "database system is ready to accept connections", - "postgresql.log.timestamp": "2017-06-10 19:37:30.702", + "postgresql.log.timestamp": "2017-06-10 19:37:30.702 CEST", "process.pid": 17397, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T19:37:30.702Z", + "@timestamp": "2017-06-10T17:37:30.702Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -997,12 +997,12 @@ "log.level": "LOG", "log.offset": 6095, "message": "autovacuum launcher started", - "postgresql.log.timestamp": "2017-06-10 19:37:30.702", + "postgresql.log.timestamp": "2017-06-10 19:37:30.702 CEST", "process.pid": 17402, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T19:37:31.104Z", + "@timestamp": "2017-06-10T17:37:31.104Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1013,13 +1013,13 @@ "log.offset": 6166, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-06-10 19:37:31.104", + "postgresql.log.timestamp": "2017-06-10 19:37:31.104 CEST", "process.pid": 17404, "service.type": "postgresql", "user.name": "unknown" }, { - "@timestamp": "2017-06-10T20:27:55.911Z", + "@timestamp": "2017-06-10T18:27:55.911Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1029,12 +1029,12 @@ "log.level": "LOG", "log.offset": 6255, "message": "received fast shutdown request", - "postgresql.log.timestamp": "2017-06-10 20:27:55.911", + "postgresql.log.timestamp": "2017-06-10 20:27:55.911 CEST", "process.pid": 17397, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:55.911Z", + "@timestamp": "2017-06-10T18:27:55.911Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1044,12 +1044,12 @@ "log.level": "LOG", "log.offset": 6329, "message": "aborting any active transactions", - "postgresql.log.timestamp": "2017-06-10 20:27:55.911", + "postgresql.log.timestamp": "2017-06-10 20:27:55.911 CEST", "process.pid": 17397, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:55.911Z", + "@timestamp": "2017-06-10T18:27:55.911Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1059,12 +1059,12 @@ "log.level": "LOG", "log.offset": 6405, "message": "autovacuum launcher shutting down", - "postgresql.log.timestamp": "2017-06-10 20:27:55.911", + "postgresql.log.timestamp": "2017-06-10 20:27:55.911 CEST", "process.pid": 17402, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:55.914Z", + "@timestamp": "2017-06-10T18:27:55.914Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1074,12 +1074,12 @@ "log.level": "LOG", "log.offset": 6482, "message": "shutting down", - "postgresql.log.timestamp": "2017-06-10 20:27:55.914", + "postgresql.log.timestamp": "2017-06-10 20:27:55.914 CEST", "process.pid": 17399, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:55.973Z", + "@timestamp": "2017-06-10T18:27:55.973Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1089,12 +1089,12 @@ "log.level": "LOG", "log.offset": 6539, "message": "database system is shut down", - "postgresql.log.timestamp": "2017-06-10 20:27:55.973", + "postgresql.log.timestamp": "2017-06-10 20:27:55.973 CEST", "process.pid": 17397, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:57.022Z", + "@timestamp": "2017-06-10T18:27:57.022Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1104,12 +1104,12 @@ "log.level": "LOG", "log.offset": 6611, "message": "database system was shut down at 2017-06-10 20:27:55 CEST", - "postgresql.log.timestamp": "2017-06-10 20:27:57.022", + "postgresql.log.timestamp": "2017-06-10 20:27:57.022 CEST", "process.pid": 24490, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:57.032Z", + "@timestamp": "2017-06-10T18:27:57.032Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1119,12 +1119,12 @@ "log.level": "LOG", "log.offset": 6712, "message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.timestamp": "2017-06-10 20:27:57.032", + "postgresql.log.timestamp": "2017-06-10 20:27:57.032 CEST", "process.pid": 24490, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:57.035Z", + "@timestamp": "2017-06-10T18:27:57.035Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1134,12 +1134,12 @@ "log.level": "LOG", "log.offset": 6811, "message": "autovacuum launcher started", - "postgresql.log.timestamp": "2017-06-10 20:27:57.035", + "postgresql.log.timestamp": "2017-06-10 20:27:57.035 CEST", "process.pid": 24494, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:57.035Z", + "@timestamp": "2017-06-10T18:27:57.035Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1149,12 +1149,12 @@ "log.level": "LOG", "log.offset": 6882, "message": "database system is ready to accept connections", - "postgresql.log.timestamp": "2017-06-10 20:27:57.035", + "postgresql.log.timestamp": "2017-06-10 20:27:57.035 CEST", "process.pid": 24489, "service.type": "postgresql" }, { - "@timestamp": "2017-06-10T20:27:57.475Z", + "@timestamp": "2017-06-10T18:27:57.475Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1165,13 +1165,13 @@ "log.offset": 6972, "message": "incomplete startup packet", "postgresql.log.database": "unknown", - "postgresql.log.timestamp": "2017-06-10 20:27:57.475", + "postgresql.log.timestamp": "2017-06-10 20:27:57.475 CEST", "process.pid": 24496, "service.type": "postgresql", "user.name": "unknown" }, { - "@timestamp": "2017-06-17T16:58:03.937Z", + "@timestamp": "2017-06-17T14:58:03.937Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1181,12 +1181,12 @@ "log.level": "LOG", "log.offset": 7061, "message": "received fast shutdown request", - "postgresql.log.timestamp": "2017-06-17 16:58:03.937", + "postgresql.log.timestamp": "2017-06-17 16:58:03.937 CEST", "process.pid": 24489, "service.type": "postgresql" }, { - "@timestamp": "2017-06-17T16:58:03.937Z", + "@timestamp": "2017-06-17T14:58:03.937Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1196,12 +1196,12 @@ "log.level": "LOG", "log.offset": 7135, "message": "aborting any active transactions", - "postgresql.log.timestamp": "2017-06-17 16:58:03.937", + "postgresql.log.timestamp": "2017-06-17 16:58:03.937 CEST", "process.pid": 24489, "service.type": "postgresql" }, { - "@timestamp": "2017-06-17T16:58:03.938Z", + "@timestamp": "2017-06-17T14:58:03.938Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1211,12 +1211,12 @@ "log.level": "LOG", "log.offset": 7211, "message": "autovacuum launcher shutting down", - "postgresql.log.timestamp": "2017-06-17 16:58:03.938", + "postgresql.log.timestamp": "2017-06-17 16:58:03.938 CEST", "process.pid": 24494, "service.type": "postgresql" }, { - "@timestamp": "2017-06-17T16:58:03.940Z", + "@timestamp": "2017-06-17T14:58:03.940Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1226,12 +1226,12 @@ "log.level": "LOG", "log.offset": 7288, "message": "shutting down", - "postgresql.log.timestamp": "2017-06-17 16:58:03.940", + "postgresql.log.timestamp": "2017-06-17 16:58:03.940 CEST", "process.pid": 24491, "service.type": "postgresql" }, { - "@timestamp": "2017-06-17T16:58:04.040Z", + "@timestamp": "2017-06-17T14:58:04.040Z", "ecs.version": "1.0.0", "event.dataset": "postgresql.log", "event.module": "postgresql", @@ -1241,7 +1241,7 @@ "log.level": "LOG", "log.offset": 7345, "message": "database system is shut down", - "postgresql.log.timestamp": "2017-06-17 16:58:04.040", + "postgresql.log.timestamp": "2017-06-17 16:58:04.040 CEST", "process.pid": 24489, "service.type": "postgresql" }