We have a Filebeat server (8.9) that ingests Syslog logs. The timestamp shown in the GUI is 4 hours earlier than it should be. The timezone is set correctly in Kibana. The timestamp is correct when viewing JSON; it looks like: "@timestamp": "2023-09-21T16:12:00.000Z". In the GUI, it looks like "Sep 21, 2023 @ 12:12:00.000". We're in the EST timezone, if that matters. We did a packet capture on incoming logs - the timezone is correct.
I should add that we also have a Zeek module running on the same Filebeat server, and the timestamps there are correct too!
This seems like the expected behaviour: the Z at the end of 2023-09-21T16:12:00.000Z indicates that this time is in UTC, but you have configured Kibana to show times in EST which is (currently) UTC+4.
Aha - ok thank you. I didn't know Kibana expected times to be in UTC but now that I think about it, it makes sense.
Thanks again for your help!