Kibana doesnt show new data

Ingram_Gultom · October 28, 2019, 8:23am

Hi,

I'm using elasticsearch 7.3.0 & filebeat 7.3.0 with module system enabled.

I cannot see my new data at kibana discovery but the data already at elasticsearch

below is the new data
"_index" : "filebeat-7.3.0-2019.10.28-000001",
"_type" : "_doc",
"_id" : "gUBQEW4B-_sCEasEZscN",
"_score" : null,
"_source" : {
"agent" : {
"hostname" : "node3",
"id" : "21e74b07-2075-4e1b-8c9e-3e2c0d036a5e",
"ephemeral_id" : "f7b4ea5e-dff7-4c7b-a27b-68918d90c473",
"type" : "filebeat",
"version" : "7.3.0"
},
"process" : {
"name" : "sshd",
"pid" : 1330
},
"log" : {
"file" : {
"path" : "/var/log/secure"
},
"offset" : 5679
},
"source" : {
"port" : 53219,
"ip" : "192.168.56.1"
},
"fileset" : {
"name" : "auth"
},
"input" : {
"type" : "log"
},
"@timestamp" : "2019-10-28T21:41:44.000+07:00",
"system" : {
"auth" : {
"ssh" : {
"method" : "password",
"event" : "Failed"
}
}
},
"ecs" : {
"version" : "1.0.1"
},
"service" : {
"type" : "system"
},
"host" : {
"hostname" : "node3",
"os" : {
"kernel" : "3.10.0-693.el7.x86_64",
"codename" : "Core",
"name" : "CentOS Linux",
"family" : "redhat",
"version" : "7 (Core)",
"platform" : "centos"
},
"containerized" : false,
"name" : "node3",
"id" : "83f5a63fce6a4d5abda91e2ec0ee663d",
"architecture" : "x86_64"
},
"event" : {
"timezone" : "+07:00",
"module" : "system",
"action" : "ssh_login",
"type" : "authentication_failure",
"category" : "authentication",
"dataset" : "system.auth",
"outcome" : "failure"
},
"user" : {
"name" : "pururin"
}
},
"sort" : [
1572273704000

Any solution for this ?

markov00 · October 28, 2019, 11:24am

Hi @Ingram_Gultom
The data report the following as timestamp:

and the chart report that you are showing data until Oct 28, 2019 @ 14:54:19.076

Could you please tell me the configured timezone of your Kibana instance and the timezone configured in filebeat?

Ingram_Gultom · October 29, 2019, 3:19am

HI @markov00
Here is the timezone configured in kibana instance

And this is filebeat

markov00 · October 29, 2019, 9:16am

Could you also show me the timezone configured in the Kibana Advanced Settings? if it's configured as Browser, could you please check the timezone of the machine accessing kibana through browser?

Ingram_Gultom · October 30, 2019, 7:18am

Yes kibana timezone configured as browser and I'm accessing kibana from server kibana itself

system · November 27, 2019, 7:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.