Hello
I'm having an issue with Filebeat 6.2.4 with the Nginx error module. The access module works fine and the data pulls into Kibana with the correct time. However, the error logs show up 4 hours late with the default config. I edited the pipeline config to EST, but now the logs come in 1 hour early (in the future).
Is there a list of timezones supported since EDT didn't seem to work? Or am I going about this all wrong?
From error pipeline:
"date": { "field": "nginx.error.time", "target_field": "@timestamp", "timezone": "EST", "formats": ["YYYY/MM/dd H:m:s"] }
From access pipeline:
"date": { "field": "nginx.access.time", "target_field": "@timestamp", "formats": ["dd/MMM/YYYY:H:m:s Z"] }
Access logs:
104.63.177.249 - - [04/Jun/2018:12:09:56 -0400] "GET
Error logs:
2018/06/04 12:03:06 [error] 16906#0: *1700526 open()
Logs go directly to ES
output.elasticsearch:
  hosts: ["elk.n2ntech.com:9200"]
  index: "filebeat-%{[beat.version]}-%{+yyyy.MM}"
Let me know what you think please. I've searched around and found similar issues, but I haven't found a good fix. Especially since it looks like it should work by default with this
Thank you!
EDIT: Received a PM from @Lucas_Pereira_Borges that helped!
"Hello,
I've the same problem and discovered a fix for that.
Update your nginx-error-pipeline: in the date section, add the timestamp"
"date": {
  "field": "nginx.error.time",
  "target_field": "@timestamp",
  "formats": [
    "YYYY/MM/dd H:m:s"
  ],
  "timezone": "America/Sao_Paulo"
}
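
The skew described in this thread can be reproduced offline. The following is an added example, not part of the original post or of Filebeat: it takes the two sample log times above, treats the access log's explicit `-0400` offset as ground truth, and shows what happens when the offset-less error-log time is read as UTC, as the fixed-offset zone `EST`, or as a DST-aware tz database ID. `America/New_York` is an assumption about the poster's server; Python's `zoneinfo` (system tz database) stands in for the zone lookup.

```python
from datetime import datetime
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

# Constructed from the two sample log lines in the post.
ERROR_TIME = "2018/06/04 12:03:06"            # error log: no UTC offset
ACCESS_TIME = "04/Jun/2018:12:09:56 -0400"    # access log: explicit offset
ERROR_FMT = "%Y/%m/%d %H:%M:%S"
UTC = ZoneInfo("UTC")


def zone_exists(zone_id):
    """True if zone_id is a tz database ID (abbreviations like EDT are not)."""
    try:
        ZoneInfo(zone_id)
        return True
    except ZoneInfoNotFoundError:
        return False


def to_utc(naive_text, zone_id):
    """Read an offset-less error-log time as local time in zone_id; return UTC."""
    naive = datetime.strptime(naive_text, ERROR_FMT)
    return naive.replace(tzinfo=ZoneInfo(zone_id)).astimezone(UTC)


def skew_hours(zone_id):
    """Hours the indexed @timestamp lands ahead (+) or behind (-) the real event."""
    # The access log states the server's real offset on that day.
    real_tz = datetime.strptime(ACCESS_TIME, "%d/%b/%Y:%H:%M:%S %z").tzinfo
    real = datetime.strptime(ERROR_TIME, ERROR_FMT).replace(tzinfo=real_tz)
    return (to_utc(ERROR_TIME, zone_id) - real).total_seconds() / 3600


if __name__ == "__main__":
    # America/New_York is an assumed zone for the poster's server.
    for zone in ("UTC", "EST", "America/New_York"):
        print(f"{zone:18} skew = {skew_hours(zone):+.0f} h")
    print("EDT is a tz database ID:", zone_exists("EDT"))
    # In winter the fixed EST offset happens to be right, which hides the bug.
    winter = "2018/01/15 12:03:06"
    print("January, EST == New_York:",
          to_utc(winter, "EST") == to_utc(winter, "America/New_York"))
```

A fixed-offset ID such as `EST` is only correct for the part of the year without daylight saving, so events indexed with it shift by an hour twice a year; a region ID keeps error-log and access-log events on the same timeline.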