Dear Members,
I had installed filebeat 6.3.2 agent in linux server and enabled the filebeat system module. When i view the events in kibana it's showing +3 hours ahead . my server timzone is GMT +3 . If i change the kibana advanced settings "dateFormat:tz" to UTC then i get the correct timestamp in kibana view.
The result is same if i enable var.convert_timezone true also same result
Filebeat publishes timestamps in UTC-0. Processing happens in Ingest Node.
Changing the setting var.convert_timezone requires you to reinstall the pipelines via filebeat setup --pipelines.
When i see the ingest pipeline of the 6.3.2 version it's converting the timestamp. That's where the confusion
{
"date" : {
"field" : "system.auth.timestamp",
"target_field" : "@timestamp",
"formats" : [
"MMM d HH:mm:ss",
"MMM dd HH:mm:ss"
],
"ignore_failure" : true
}
Thanks . i also directly edited "timezone" parameter in date processor with the correct timezone on the respective pipeline also worked
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.