Hi everyone,
I am facing a issue that the event.created is always 8 hours later than the @timestamp and the timestamp is the current time which is correct. Below is the example.
| Time | event.created | event.timezone | |
|---|---|---|---|
| Apr 15, 2021 @ 18:08:47.000 | Apr 16, 2021 @ 02:08:47.000 | +08:00 |
The environment I currently using is
Lab PA filewall -> Filebeat -> Logstash -> Elasticsearch.
And the modules I am using is panw.
May I know how can I correct the timezone problem?
Elasticsearch stores data as UTC.
Kibana shows data based on your browsers TZ.
Is there a difference between those?
I tried to change the timezone in Kibana setting. Then both Time and event.created shift according to the timezone.
Are u using a module or just an input? Normally this is caused by filebeat/elasticsearch parsing a time that's not utc and parsing as utc so it's off by whatever the TZ offset is. Or is the time/timezone different between the filebeat host and elasticsearch server?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.