I am working with Wireshark pcaps inside of SO Kibana and Hunt. Seems like the timestamps do not match?

Hi, I am using Windows 11, SO, Winlogbeat and Logstash.

```yaml
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.1.226:5044"]
```

I have saved a Wireshark session as a pcap. I moved the pcap from my Windows 10 machine with WinSCP. I ran
so-import-pcap and got the URL. I went into Kibana and Hunt and changed the from and to times to match the from
and to date/time in the Wireshark pcap. But when I try to match up the timestamps between Wireshark and
Kibana or Hunt, I see the src IP and the dst IPs that match, so I am wondering if there is a way to send
pcaps from WinSCP to SO with the same timestamps?
Thanks for any advice or suggestions.

Packetbeat can also get pcap data, so that will be the most accurate one to use with Kibana.

I'm not sure I get you, but I will give my version a try.
If you have logs which have been read by an app, for instance Beats, a message must have a @timestamp field when it enters LS; otherwise LS will create the @timestamp field with the current time of the LS host. FB documentation
You can always use the date plugin, which has the default target "@timestamp".
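
An added example, not part of any post above and not Security Onion or Elastic code: each packet's capture time is stored inside the pcap file in its record header, so this Python script reads the first and last packet times in UTC to compare against the time range set in Kibana or Hunt. The names `capture_window` and `sample_pcap` and the sample bytes are constructed for illustration; it handles the classic pcap format only, not pcapng.

```python
import struct
from datetime import datetime, timedelta, timezone

# Classic libpcap magic values as seen when the first 4 bytes are read
# little-endian: (byte order of the file, timestamp fractions per second).
MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),      # little-endian, microseconds
    0xD4C3B2A1: (">", 1_000_000),      # big-endian, microseconds
    0xA1B23C4D: ("<", 1_000_000_000),  # little-endian, nanoseconds
    0x4D3CB2A1: (">", 1_000_000_000),  # big-endian, nanoseconds
}

def capture_window(data: bytes):
    """Return (first, last, packet_count) with times as UTC datetimes."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng or unknown magic)")
    endian, per_sec = MAGICS[magic]
    offset, stamps = 24, []
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, original length.
        sec, frac, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        stamps.append((sec, frac * 1_000_000 // per_sec))  # normalise to microseconds
        offset += 16 + incl_len
    if not stamps:
        raise ValueError("no packet records")
    def to_utc(stamp):
        return (datetime.fromtimestamp(stamp[0], tz=timezone.utc)
                + timedelta(microseconds=stamp[1]))
    return to_utc(min(stamps)), to_utc(max(stamps)), len(stamps)

def sample_pcap() -> bytes:
    """Constructed two-packet capture (little-endian, microsecond stamps)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    def record(sec, usec):
        return struct.pack("<IIII", sec, usec, 4, 4) + b"\x00" * 4
    return header + record(1700000000, 250000) + record(1700000042, 0)

if __name__ == "__main__":
    first, last, count = capture_window(sample_pcap())
    print(f"{count} packets, {first.isoformat()} .. {last.isoformat()}")
```

To check a real capture, pass the file's bytes, for example `capture_window(open(path, "rb").read())`, where `path` is the pcap copied to the SO host.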
