Filebeat parsing logs with timedate utc

dmrlixos · September 12, 2018, 5:33pm

Hi
I have running a server with filebeat to parse all linux centos log files.

My filebeat.yml be default:

filebeat.inputs:

type: log
enabled: true
paths:

/var/log/*.log
document_type: syslog

Output direct to elasticsearch:9200

Until here everything works fine, but I have a problem with @timestamp

Filebeat parse the log with timestamp UTC
We use here America/Sao_Paulo, the diference from UTC.

is possible to parse the logs with filebeat using timezone America/Sao_Paulo.
Actuality I have a delay of 3 hours to see the information parse logs.

Some can help me!
thanks

Carlos_Magalhaes · September 19, 2018, 8:27pm

I am having the same issue, trying to get it to parse with timezone GMT + 2 and I am getting - 18hours

dmrlixos · October 2, 2018, 1:00pm

Hi Carlos,

I resolv this in kibana, searching the template and put the timestamp format date directy in template.
Here for me resolv and works fine.

system · October 30, 2018, 1:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[Still Not Solved!] Filebeat cannot recognize timezone in syslog Beats filebeat	25	5558	August 28, 2019
Filebeat and Timezones Beats filebeat	5	6886	July 5, 2017
Filebeat harvests log from elasticsearch and store field 'timestamp' without converting to utc time Beats elastic-stack-monitoring , filebeat	4	584	February 14, 2019
Filebeat assumes UTC? Beats filebeat	8	8215	May 1, 2017
Filebeat 7.7.0 @timestamp not UTC Beats filebeat	1	298	June 30, 2020