Hi everyone, I am relatively new to the ELK stack.
I added a new syslog source, but that source is in UTC. When I forward the syslogs, I have that source's hosts in UTC and everything else in EST, and once they go into Elasticsearch it assumes everything is in UTC, which puts the timestamp searching out by a few hours (the "Last 15 minutes" to "5 hours from now" filter shows future times, which are clearly UTC when viewed through Kibana). When I apply the following filter, the timestamps show syslogs up to 4 hours into the future from my current time (e.g. if it is 13:08 in my timezone, it shows timestamps of 17:08).
Is there a way I can convert the timezones into one timezone, e.g. all into EST? Will I have to do something in the Logstash conf file with the filter, or what could be the workaround for this? My issue is specific to one index only.
I did something like this in the filter, but it didn't work and I am getting date parsing errors:

```conf
date {
  # field to parse, followed by the patterns to try in order
  match => ["@timestamp", "MMM D, YYYY @ HH:mm:ss.SSS", "ISO8601"]
  # zone the source timestamps are assumed to be in
  timezone => "EST"
  # write the parsed result here instead of overwriting @timestamp
  target => "timestamp_debug"
}
```

Thank you in advance.
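As an added example (not from the original post), this is how a Logstash pipeline can parse the raw syslog timestamp from each source with the zone that source actually used, so that everything lands in `@timestamp` correctly. It assumes the raw line is in `message` and that the UTC host can be recognised by hostname; `utc-host.example` is a placeholder for that host, and the field names `syslog_timestamp`, `syslog_host` and `syslog_message` are chosen here.

```conf
# Added example, not the poster's configuration. Normalise syslog events whose
# hosts write their timestamps in different zones (one in UTC, the rest in EST/EDT).
# Assumptions: raw syslog line in "message"; the UTC host is the placeholder
# "utc-host.example". Adjust both to match your environment.
filter {
  # Pull the RFC 3164 timestamp (e.g. "Mar  5 13:08:42") and host out of the line.
  grok {
    match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_host} %{GREEDYDATA:syslog_message}" }
  }

  # RFC 3164 timestamps carry no zone, so the date filter must be told which one
  # each source used. Two patterns cover single- and double-digit days.
  # "America/New_York" follows daylight saving; the fixed "EST" id is always UTC-5,
  # which is why a 4-hour (EDT) offset would still be wrong with "EST".
  if [syslog_host] == "utc-host.example" {
    date {
      match    => ["syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"]
      timezone => "UTC"
      target   => "@timestamp"
    }
  } else {
    date {
      match    => ["syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"]
      timezone => "America/New_York"
      target   => "@timestamp"
    }
  }
}
```

Elasticsearch always stores `@timestamp` in UTC and Kibana renders it in the browser's zone, so the goal is to parse each source with its true zone rather than to store values "in EST".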