The events of a system that are being parsed from filebeat to our ELK are arriving an hour late.
I have already configured the netscout.yml module of filebeat with the grok processors, with var.tz_offset and with date - timezone so that they arrive correctly at time +1, but it has not worked, it always remains the same.
For example, it is 22:47 and when I check an event the timestamp fields has the time 21:47 and the event.original field also has the time 21:47, only the event.ingest field has the correct time which would be 22:47.
How can I solve the events of this equipment, because events from other equipment (Firewall, DDoS) arrive correctly.
Thank you very much.
