FIlebeat IPtables Module timezone wrong

fadjar340 · October 28, 2019, 1:04pm

I found that the pipeline in the iptables log ingest have some glitch in the timezone, with version 7.4.0, I have the document 7 hours next from my timezone.
Since I check the date compare to syslog, I put the pipeline like below:

{
.
.
.
},
{
"date": {
"field": "iptables.raw_date",
"target_field": "@timestamp",
"formats": [
"MMM d HH:mm:ss",
"MMM dd HH:mm:ss",
"MMM d HH:mm:ss",
"ISO8601"
],
"ignore_failure": true
}
},
{
"date": {
"if": "ctx.event.timezone != null",
"field": "iptables.raw_date",
"target_field": "@timestamp",
"formats": [
"MMM d HH:mm:ss",
"MMM dd HH:mm:ss",
"MMM d HH:mm:ss",
"ISO8601"
],
"timezone": "{{ event.timezone }}",
"on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
}
},
{
"remove": {
"field": "iptables.raw_date",
"ignore_missing": true
}
},

.
.
.
"field" : "error.message",
"value" : "{{ _ingest.on_failure_message }}"
}
}]
}

Then all the logs following the UTC and my timezone and works very good...
Now, my document works as expected.

system · November 25, 2019, 1:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat 7.3 syslog / auth log timezone parsing error Beats filebeat	3	642	September 20, 2019
Filebeat system and iptables module timezone offset issue Beats filebeat	4	1200	May 14, 2019
Filebeat 7.3 Timezone Issues with System Module Beats filebeat	6	1004	September 18, 2019
Filebeat TimeZone Issue Beats filebeat	4	2015	August 28, 2019
Convert_timezone alternative in Filebeat 7.3.0 Beats filebeat	2	1018	September 4, 2019

FIlebeat IPtables Module timezone wrong

Related Topics