i have log messages in the following format:
{"@timestamp":"2022-07-08T10:01:43.181Z","log.level":"info","message":"verifyReceipt: found receipt","ecs":{"version":"1.6.0"}}
@timestamp in UTC. When i check logs in Kibana i see different time. I set in Kibana show logs time in UTC.
Look at screenshots. You will see that time in logs "2022-07-08T08:42:21.327Z" but in Kibana i see time for this message: Jul 8. 2022 @ 08:42:26.207. It has offset about 5 sec. Why it happen ?
Log:
Kibana:
Can they be different documents? Have you ever compared the _id?
You need to provide more context on what is the source of this log and how you are ingesting it, but what you shared suggests that you are not using the @timestamp field of the source message as the @timestamp field in your elasticsearch document, this is done during the ingestion process.
How are you ingesting those logs? Logstash? Filebeat? Ingest pipeline?
It is exact same lines. I checked it.
Source of logs are text files. To ingesting used filebeat.
Also i found line in log and document for this line in elastic. And document has different timestamp.
Look at screenshots:
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
