Hi!
I have a problem when sending haproxy logs with the filebeat module for haproxy directly to elasticsearch.
The issue is that my systems are using timezone CET, so the logs are written into haproxy.log using my local timezone. In other words a log that is created at 0927CET will be written with the timestamp Feb 20 09:27:42.
When browsing with Kibana, the entry will be shown as 10:27:42. Kibana is using the webbrowser timezone, which is the same (CET).
The /etc/filebeat/modules.d/haproxy.yml looks like this
- module: haproxy
log:
enabled: true
var.input: file
From other posts I have tried to add var.convert_timezone: true, but it doesn't seem to have any effect.
After each change I have dropped the indexpattern and index in Kibana. I have deleted the ingest pipeline in Elasticsearch. But it doesn't seem to work anyway.
I am using ELK components with version 7.5.1.
Regards
Henrik