Hi,
I have a server which serves two purposes:
- Mail server
- Normal Linux Server
I need to monitor the syslog messages for Mail Server and also need to enable the filebeat System modules to monitor System and Auth Messages of the Linux Server.
I am able to send data for both the use cases as mentioned in points 1 and 2 using the dataflow pipeline filebeat --> kafka --> logstash --> elasticsearch --> kibana.
Let's come to the problem:
For the Mail server I am using logstash and mapping the timestamp to Asia/Kolkata, and the data is sent correctly to elasticsearch.
For filebeat I am using the elasticsearch ingest pipeline (which by default uses the UTC timezone), which is sending the data with a UTC timestamp. I need this timestamp to be Asia/Kolkata. Now for this I know the solution of putting the timezone in the system and auth json files and setting var.convert_timezone: true in modules.d/system.yml. It's working.
But I have a huge setup of 500 machines and I don't want to make these changes at the filebeat end.
Can I apply a one-time solution at the "ELK" end to change the timezone to Asia/Kolkata?
Thanks,
Vrushali S