Kibana unable to show auth log

I am using ES and Kibana 6.4.0 with Beats. My filebeat able to send logs directly to ES. Also when i am doing manual query on ES or Kibana Console i am able to see the log, but in kibana dashboard its not showing, even if i filter with the same "_id" in Discover its not showing.

I am using below query systex to see logs:

{"_index":"filebeat-6.4.0-2018.09.06","_type":"doc","_id":"_13drmUBs98-E0L9SrHd","_version":1,"found":true,"_source":{"offset":266182,"prospector":{"type":"log"},"source":"/var/log/secure","fileset":{"module":"system","name":"auth"},"input":{"type":"log"},"@timestamp":"2018-09-06T18:00:57.000Z","system":{"auth":{"hostname":"ipaysyslogsrv","pid":"830","program":"sshd","message":"input_userauth_request: invalid user pradip.s [preauth]","timestamp":"Sep 6 18:00:57"}},"beat":{"hostname":"ipaysyslogsrv.ipay.local","timezone":"+05:30","name":"ipaysyslogsrv.ipay.local","version":"6.4.0"},"host":{"name":"ipaysyslogsrv.ipay.local"}}}

I am new with ES, your help will be appreciated.

Thanks, Issue has been resolved by adding Timezone in Pipeline.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.