Custom UDP/TCP Log Timestamp

lastshadow · December 13, 2024, 7:58pm

Hello,

I'm a newbie with Elastic so patience please. I'm using the Custom UDP Log integration in a policy on my fleet server and sending logs from rsyslog on my linux box to the fleet server. I receive the logs just fine but they are showing up with a timestamp 5 hours earlier. I see that rsyslog is sending the logs in my current timezone (EST-5) but it would appear Elastic is not reading the timezone information. Kibana is displaying the logs using my browser timezone (EST) hence why the logs show up with a timestamp 5 hours behind. tailing /var/log/syslog shows that the logs have the timezone. See below.

Can you please suggest what I can do to have elastic show the right timestamps?

Thanks!

strawgate · December 13, 2024, 8:20pm

If you enabled syslog parsing on the UDP integration I believe that timestamp format should be supported.

Can you share your integration configuration, a sample syslog from the device and then can you grab the document for that sample syslog from kibana by finding a log entry, clicking expand, clicking the json tab and sharing the json? Can you also share your rsyslog configuration?

Topic		Replies	Views
Wrong timestamp and timezone in Custom Log integration Elastic Agent	1	380	December 28, 2022
ESX logs -> remote syslog -> ELK : Timestamp problems Logstash	6	1351	July 26, 2017
Syslog input to logstash time zone - drifts by 2h. everything set to UTC Elasticsearch docker	4	181	July 15, 2024
Elasticsearch and Logstash Timestamp error Elasticsearch	2	372	November 1, 2018
Time incorrect from system module (syslog) Beats filebeat	7	4910	March 29, 2018

Custom UDP/TCP Log Timestamp

Related topics