There is a closed thread here:
Where @andrewkroh says, "I would recommend running all your systems with UTC time..."
Does that mean all systems in the Elastic stack? Or all systems that we'd ever want to ingest logs from? If the Elastic stack needs to be in UTC time, we can head in that direction, but we are a MSP for clients in multiple timezones and as such cannot control which time zones the customer systems are in.
If you are referring to the Filebeat system module parsing syslog messages, then you can enable the convert_timezone option in the module to ensure the proper timezone is used with parsing the timestamps. See https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-system.html#_literal_syslog_literal_fileset_settings.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.