filebeat 6.4.2 the timestamp is not right.
i use filebeat 6.4.2 to es
the time is +8 not right
my machine timezone is Wed Oct 10 13:03:45 CST 2018
but the filebeat time write into es is like "@timestamp" : "2018-10-10T12:58:01.000Z",
how can change it the @timestamp -8 hours .
when search this not ok.
in system.yml at /etc/filebeat/modules.d
- module: system
# Syslog
syslog:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
#var.paths:
# Convert the timestamp to UTC. Requires Elasticsearch >= 6.1.
var.convert_timezone: false
#var.convert_timezone: true
# Authorization logs
auth:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
#var.paths:
# Convert the timestamp to UTC. Requires Elasticsearch >= 6.1.
var.convert_timezone: false
#var.convert_timezone: true
the var.convert_timezone use true or false when my timezone is not UTC ,it's CST?
Filebeat itself reports the timestamp in UTC-0. When convert_timezone is configured to true, then filebeat adds the add_locale processor, adding timezone information to events. Plus it adds a date filter to the ingest node pipeline. The final conversion is done by Elasticsearch using the ingest node pipeline.
When updating the filebeat configuration, the ingest node pipeline is normally not updated. You can use the filebeat.overwrite_pipelines setting to force the pipeline to be updated. See the filebeat.reference.yml file.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.