Filebeat syslog with wrong @timestamp

Hi everyone,

I am very new with all of elastic stack, so i hope that you guy can help in details.
I am trying to configure filebeat to send syslog directly to elasticsearch, however, the @timestamp of each entry seem to have wrong timezone (+7 hours compare with locace time of server)
I have done some research and test with below setting but that not have to resolve the problem:

• Stop filebeat
• add var.convert_timezone: true in system.yml
• delete the current pipeline: curl -XDELETE 'http://localhost:9200/_ingest/pipeline/filebeat-6.3.1-system-syslog-pipeline
• Start filebeat.

The strange things is I have metricbeat deployed in the same system but @timestamp is correct.

I am really in need of your suggestion.

Thank you all!

If you guy need any information or any configuration, please suggest and i will share the details.

Have you seen this: [Still Not Solved!] Filebeat cannot recognize timezone in syslog

Hi admlko,
Thank you for your response.
I tried with the same method but it did not help to resolve my issue.
I dont know what else could be missing from my setup.
Do you need any configuration from me end for further checking?

I am fairly certain that 7.3.1 broke var.convert_timezone for the system module as I have it working in 7.2 but can't get it to work in 7.3.1.

It is likely a bug.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.