Panw module - Another incorrect timestamp issue

ddaloia · November 24, 2021, 5:55pm

Hi friends. I am really struggling on this one. I can not figure out why all my ingested logs are showing up at the wrong time. It appears that all my firewall logs for each day are being grouped into a 3 hour window for the previous day. The event created date is just wrong and I can not figure out where is is getting the information.

The logs are being shipped continuously, but you can see that it only shows up at certain hours when searching.

When looking at the logs, the event created date is wrong. Where is it getting that from? Event created vs event ingested vs the original log - none of them match.

I am stumped and could use any help. Thanks so much.

Aku_TanpaNama · December 10, 2021, 2:27am

Hi, Did you resolved the issues ? Can share module config and filebeat.yml .

Aku_TanpaNama · December 10, 2021, 2:33am

Do you compare log from palo alto too ? compare log original and log in monitor palo alto. if same, mean, time from your appliance need to check. however, please help share config.

system · January 7, 2022, 4:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.