Panw module - Another incorrect timestamp issue

ddaloia · November 24, 2021, 5:55pm

Hi friends. I am really struggling on this one. I can not figure out why all my ingested logs are showing up at the wrong time. It appears that all my firewall logs for each day are being grouped into a 3 hour window for the previous day. The event created date is just wrong and I can not figure out where is is getting the information.

The logs are being shipped continuously, but you can see that it only shows up at certain hours when searching.

When looking at the logs, the event created date is wrong. Where is it getting that from? Event created vs event ingested vs the original log - none of them match.

I am stumped and could use any help. Thanks so much.

Aku_TanpaNama · December 10, 2021, 2:27am

Hi, Did you resolved the issues ? Can share module config and filebeat.yml .

Aku_TanpaNama · December 10, 2021, 2:33am

Do you compare log from palo alto too ? compare log original and log in monitor palo alto. if same, mean, time from your appliance need to check. however, please help share config.

system · January 7, 2022, 4:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat incorrect timestamp Beats filebeat	3	1958	August 3, 2019
Wrong timestamp (NOT timezone issue) with System module Beats filebeat	4	550	February 10, 2020
Filebeat 8.4.2 modules Panw : Panw modules does not parse log correctly Beats beats-module , filebeat	1	320	October 25, 2022
Overriding filebeat palo alto modules @timestamp Beats filebeat	6	328	December 16, 2021
PANW module timezone offset Beats beats-module , filebeat	5	1501	August 20, 2019

Panw module - Another incorrect timestamp issue

Related topics