Starting new filebeat agent and the time is incorrect on the UI


What I see on the kibana UI

The message in my logs are generated like this
2020-02-05 14:55:46.428 | DEBUG | http-nio-8089-exec-2 | CommonsRequestLoggingFilter:47 | Before request [XXX]

The log was generated at 2020-02-05 14:55:46.428 but on the UI I can see the @time is set to when I started the agent:Feb 5, 2020 @ 16:07:01.286

This is an agent which is installed with version 7.5.0-1 but there was already an agent on the host with version 6.3

The output from yum:
Running transaction
Updating : filebeat-7.5.0-1.x86_64
warning: /etc/filebeat/filebeat.yml created as /etc/filebeat/filebeat.yml.rpmnew
Cleanup : filebeat-6.3.2-1.x86_64
Verifying : filebeat-7.5.0-1.x86_64
Verifying : filebeat-6.3.2-1.x86_64

How can I store old log files with the right timestamp and showing it on the kibana UI?
Would it be better to cleanup old filebeat logs/configs/files before installing 7.5 ?

my grok on the logstash server:
grok {
match => [
"message" , "%{TIMESTAMP_ISO8601:logDate}%{SPACE}|%{SPACE}%{LOGLEVEL:logLevel}%{SPACE}|%{SPACE}(?[^|]+)%{SPACE}|%{SPACE}(?[^|]+)%{SPACE}|%{SPACE}%{GREEDYDATA:logMessage}"
date {
match => [ "logDate", "YYYY-MM-dd HH:mm:ss.SSS" ]


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.