Incorrect timestamp


I'm processing data with my logstash (which doesn't have any timestamp modifications or nothing related to it) and then feeding them to my elasticsearch and using Kibana to visualize the data. The problem is that since today all the date and time is incorrect. There hasn't been any configuration changes since yesterday so I have no clue what has happened.

Here's how it looks:

The flow looks like this:

Redis -> Logstash -> Elastic -> Kibana

I've checked the date on all of our servers and no date is wrong so I don't understand where the wrong timestamp comes from

This is what the data looks like on my redis server:

"RPUSH" "filebeat" "{"@timestamp":"2016-10-09T19:50:50.978Z","beat":{"hostname":"","name":""},"count":1,"proc":{"cmdline":"pickup -l -t unix -u","cpu":{"user":20,"user_p":0,"system":120,"total":140,"start_time":"16:18"},"mem":{"size":93425664,"rss":3940352,"rss_p":0,"share":2916352},"name":"pickup","pid":2197,"ppid":2102,"state":"sleeping","username":"postfix"},"type":"process"}"

"RPUSH" "filebeat" "{"@timestamp":"2016-10-09T19:50:50.993Z","beat":{"hostname":"","name":""},"count":1,"proc":{"cpu":{"user":0,"user_p":0,"system":250150,"total":250150,"start_time":"Apr23"},"mem":{"size":0,"rss":0,"rss_p":0,"share":0},"name":"kworker/3:2H","pid":7068,"ppid":2,"state":"sleeping","username":"root"},"type":"process"}"


Solved it, logstash was reading old data from the redis server

(Lee Drengenberg) #3

Thanks for posting your solution!

(system) #4