Having trouble with the date filter for iis logs

Elastic Stack Logstash
1

Continuing the discussion from Date Filter Not working parsing IIS logs:

I get the correct timestamp in the debugger, but not in Kibana.
here is an example of the parsed log in the debugger:

{
      "uriQuery" => "-",
       "message" => "2018-06-02 23:50:10 10.1.0.250 GET /Images/Homepage/Promotion/201da2a5.jpg - 443 52332470000003 10.1.10.85 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.181+Safari/537.36 200 0 0 31\r",
        "method" => "GET",
     "timetaken" => 31,
      "username" => "52332470000003",
      "serverIP" => "10.1.0.250",
    "@timestamp" => 2018-06-02T23:50:10.000Z,
          "port" => "443",
          "host" => "MyELK",
      "response" => "200",
   "subresponse" => "0",
          "path" => "/home/doronr/data/u_ex180602_03.log",
"clientHostname" => "10.1.10.85",
       "uriStem" => "/Images/Homepage/Promotion/201da2a5.jpg",
          "type" => "iis-w3c",
          "tags" => [
    [0] "_grokparsefailure"
],
 "win32response" => "0",
     "userAgent" => "Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.181+Safari/537.36",
      "@version" => "1",
      "clientIP" => "10.1.10.85"

}

2

and here is the iis log entry:

2018-06-02 23:50:10 10.1.0.250 GET /Images/Homepage/Promotion/201da2a5.jpg - 443 52332470000003 10.1.10.85 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.181+Safari/537.36 200 0 0 31
3

What timestamp do you get in Kibana for that message?

4

Thank you for asking...
Now I see that Kibana timestamp is 2 hours later than the log.
So I added the correct timezone to the date filter and it works.

Thanks

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.