Currently, I am using Elasticsearch v7.11 and Filebeat v7.15, and I am retrieving OWA logs from a directory on Exchange. I noticed that the "@timestamp" and the log message were way different. After further troubleshooting using the date processor, I managed to get the logs with a 2-hour difference.
I tried to assign the timezone on the date processor with no success. Check the snapshot below of the log output and date processor. OWA log output:
Kibana simulates your browser's timezone when showing "datetime" formatted fields like @timestamp.
If you check your Kibana index settings, you can see the field type of the date: field, which is probably string in your case. (I'm showing the timestamp field, because I don't have a date field on my side.)
You can try the options below:
- Try scripted fields in the Kibana index options
- Try changing the name of that field in grok, so Kibana will have a new field that is "date" formatted
- You can use reindex
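The 2-hour shift the question describes is what happens when a log timestamp that carries no UTC offset is parsed as if it were UTC while the writing host is in another zone. The script below is an added example, not code from either poster: it reproduces that shift on a constructed log line, shows the corrected value the `timezone` option of the Elasticsearch date processor produces, and builds the equivalent date-processor definition. Assumptions: the log timestamp has no offset (the original snapshots are not available), the Exchange host is at UTC+2 (a stand-in offset), and `Europe/Berlin` is only a placeholder zone name; the option names `field`, `target_field`, `formats` and `timezone` are the real date-processor options.

```python
"""Model the Elasticsearch date processor's timezone handling on a
naive (offset-less) log timestamp, to show where a fixed-hours shift
in @timestamp comes from and how the `timezone` option removes it."""
from datetime import datetime, timedelta, timezone

# Constructed sample line: first two columns are date and time, no offset.
SAMPLE_LINE = "2021-10-05 08:15:30 10.0.0.5 GET /owa/ - 443 - 10.0.0.9 Mozilla/5.0 200"

# Assumed zone of the host that wrote the log (stand-in for the real one).
LOCAL_TZ = timezone(timedelta(hours=2), name="UTC+02:00")

# Python strptime pattern matching the sample's date/time columns.
LOG_FORMAT = "%Y-%m-%d %H:%M:%S"


def extract_naive_timestamp(line: str) -> str:
    """Take the leading 'date time' pair, as a grok pattern would."""
    date_part, time_part, *_ = line.split(" ")
    return f"{date_part} {time_part}"


def to_utc_timestamp(naive: str, source_tz=timezone.utc) -> str:
    """Mimic the date processor: parse `naive` with LOG_FORMAT, treat it as
    being in `source_tz` (the processor's `timezone` option, default UTC),
    and return the UTC ISO-8601 string stored in @timestamp."""
    parsed = datetime.strptime(naive, LOG_FORMAT).replace(tzinfo=source_tz)
    return parsed.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def shift_hours(naive: str, source_tz) -> float:
    """Hours by which the default-UTC reading differs from the correct one."""
    as_utc = datetime.strptime(naive, LOG_FORMAT).replace(tzinfo=timezone.utc)
    as_local = datetime.strptime(naive, LOG_FORMAT).replace(tzinfo=source_tz)
    return (as_utc - as_local).total_seconds() / 3600


def date_processor(field: str, target_field: str, tz_name: str) -> dict:
    """Build the ingest-pipeline date processor that applies the same fix
    server-side. The option names are the real Elasticsearch ones; the
    format string uses Java time-pattern syntax, as the processor expects."""
    return {
        "date": {
            "field": field,
            "target_field": target_field,
            "formats": ["yyyy-MM-dd HH:mm:ss"],
            "timezone": tz_name,
        }
    }


if __name__ == "__main__":
    naive = extract_naive_timestamp(SAMPLE_LINE)
    print("stored with default UTC   :", to_utc_timestamp(naive))
    print("stored with timezone set  :", to_utc_timestamp(naive, LOCAL_TZ))
    print("shift in hours            :", shift_hours(naive, LOCAL_TZ))
    # "Europe/Berlin" is a placeholder; use the Exchange host's actual zone.
    print(date_processor("owa_timestamp", "@timestamp", "Europe/Berlin"))
```

Two things worth checking once the processor is set: that the processor's `formats` pattern really matches the log's column layout (a non-matching pattern fails the document or, with `ignore_failure`, silently leaves @timestamp untouched), and that the index mapping declares the target field as `date`, otherwise Kibana shows a string and applies no browser-zone conversion at all.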