Hello,
I am currently working on log ingestion and visualization in Kibana and have successfully configured multiple outputs. At present, I have four separate indices corresponding to different log sources:
* Firewall logs
* Syslog-ng logs
* UTM logs
* Server logs
While analyzing the data in Kibana, I observed that only the firewall logs are displayed correctly in descending order (latest to oldest) based on the timestamp. However, the other three indices (syslog-ng, UTM, and server logs) are not appearing in the proper chronological order.
This inconsistency is affecting log analysis and troubleshooting, as it becomes difficult to correlate events across different sources.
Could you please help me understand:
* Why is only one index (firewall) correctly sorted by time?
* What could be causing improper ordering in the other indices?
* Are there any recommended configurations or best practices to ensure consistent timestamp-based sorting across all indices in Kibana?
Please let me know if any additional details, configurations, or sample logs are required for further investigation.
Thanks in advance
Regards,
Anitha