Hey guys, would appreciate any help. I've been trying to set up my Syslog dashboard for the last few days and I think I finally narrowed down my issue, but I cannot seem to figure out how to correct it. The issue looks like it's a timezone offset issue within Kibana? I look at my JSON string and everything looks correct in terms of time. When I look at the table tab for an event, everything is shifted by four hours, which would make sense because I'm in the EST timezone. Any idea why this is happening and how to correct it so everything matches my local timezone?

Kibana is running 6.2.3 on CentOS 7. All servers feeding data are Filebeat 6.2.3 and located on the same VM farm as the Kibana / Elastic servers. All dashboards are stock and nothing has been adjusted.
```json
{
  "_index": "filebeat-6.2.3-2018.03.29",
  "_type": "doc",
  "_id": "OXlfcmIBXBZ59wnDQAAV",
  "_version": 1,
  "_score": null,
  "_source": {
    "@timestamp": "2018-03-29T11:27:42.000Z",
    "system": {
      "syslog": {
        "hostname": "atlptgnag-dev1",
        "program": "systemd",
        "message": "Starting User Slice of root.",
        "timestamp": "Mar 29 11:27:42"
      }
    },
    "offset": 229443,
    "beat": {
      "hostname": "atlptgnag-dev1",
      "timezone": "EDT",
      "name": "atlptgnag-dev1",
      "version": "6.2.3"
    },
    "prospector": {
      "type": "log"
    },
    "source": "/var/log/messages",
    "fileset": {
      "module": "system",
      "name": "syslog"
    }
  },
  "fields": {
    "@timestamp": [
      "2018-03-29T11:27:42.000Z"
    ]
  },
  "sort": [
    1522322862000
  ]
}
```
| Type | Field | Value |
|---|---|---|
| | @timestamp | March 29th 2018, 07:27:42.000 |
| t | _id | OXlfcmIBXBZ59wnDQAAV |
| t | _index | filebeat-6.2.3-2018.03.29 |
| # | _score | - |
| t | _type | doc |
| t | beat.hostname | atlptgnag-dev1 |
| t | beat.name | atlptgnag-dev1 |
| t | beat.timezone | EDT |
| t | beat.version | 6.2.3 |
| t | fileset.module | system |
| t | fileset.name | syslog |
| # | offset | 229,443 |
| t | prospector.type | log |
| t | source | /var/log/messages |
| t | system.syslog.hostname | atlptgnag-dev1 |
| t | system.syslog.message | Starting User Slice of root. |
| t | system.syslog.program | systemd |
| t | system.syslog.timestamp | Mar 29 11:27:42 |
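The four-hour shift in the post can be reproduced from the event itself. The raw syslog line carries no year and no zone (`Mar 29 11:27:42`); if the ingest side parses it as UTC, `@timestamp` becomes `11:27:42Z` (epoch ms `1522322862000`, exactly the `sort` value in the JSON above), and Kibana then renders that instant in the browser's EDT zone as `07:27:42`. Parsing the same string with the host's zone (`beat.timezone: EDT`, UTC-4) yields `15:27:42Z`, which the browser displays back as `11:27:42`. The script below is an added illustration, not code from the original post or from Filebeat/Kibana; it models only the single EDT offset as a fixed UTC-4, takes the year from the index name, and uses a plain `YYYY-MM-DD HH:MM:SS` display format instead of Kibana's exact rendering.

```python
from datetime import datetime, timedelta, timezone

# Values copied from the event in the question.
SYSLOG_TIMESTAMP = "Mar 29 11:27:42"   # system.syslog.timestamp: no year, no zone
INDEX_YEAR = 2018                      # assumption: year taken from index filebeat-6.2.3-2018.03.29

UTC = timezone.utc
# Assumption: EDT modelled as a fixed UTC-4 offset (no DST transitions handled here).
EDT = timezone(timedelta(hours=-4), "EDT")


def parse_syslog_ts(raw: str, year: int, assumed_tz: timezone) -> datetime:
    """Parse a classic syslog timestamp and attach the zone the parser assumes.

    The string itself has no zone, so this choice is what decides the UTC instant.
    """
    naive = datetime.strptime(f"{year} {raw}", "%Y %b %d %H:%M:%S")
    return naive.replace(tzinfo=assumed_tz)


def epoch_ms(dt: datetime) -> int:
    """Epoch milliseconds, as stored in the event's `sort` value."""
    return int(dt.timestamp() * 1000)


def as_iso_utc(dt: datetime) -> str:
    """Render like Elasticsearch's @timestamp field (UTC, millisecond precision)."""
    return dt.astimezone(UTC).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def browser_display(dt: datetime, browser_tz: timezone) -> str:
    """What a Kibana user sees: the stored UTC instant converted to the browser zone."""
    return dt.astimezone(browser_tz).strftime("%Y-%m-%d %H:%M:%S")


def compare(raw: str, year: int, host_tz: timezone, browser_tz: timezone) -> dict:
    """Show the same log line parsed as UTC versus parsed in the host's zone."""
    parsed_as_utc = parse_syslog_ts(raw, year, UTC)       # what produces the 4h shift
    parsed_as_host = parse_syslog_ts(raw, year, host_tz)  # what the user expects
    return {
        "utc_parse": {
            "at_timestamp": as_iso_utc(parsed_as_utc),
            "sort": epoch_ms(parsed_as_utc),
            "kibana_shows": browser_display(parsed_as_utc, browser_tz),
        },
        "host_tz_parse": {
            "at_timestamp": as_iso_utc(parsed_as_host),
            "sort": epoch_ms(parsed_as_host),
            "kibana_shows": browser_display(parsed_as_host, browser_tz),
        },
        "shift_hours": (parsed_as_host - parsed_as_utc).total_seconds() / 3600,
    }


if __name__ == "__main__":
    result = compare(SYSLOG_TIMESTAMP, INDEX_YEAR, EDT, EDT)
    for label, row in result.items():
        print(label, row)
```

Running it prints the stored `@timestamp` and the Kibana display for both interpretations; the `utc_parse` row reproduces the post's `2018-03-29T11:27:42.000Z` / `07:27:42` pair, and `shift_hours` is 4.0. The practical check on the Filebeat side is whether the system module is told to use the host's zone when parsing (the `beat.timezone` field is already being shipped, so the information is there); the setting that controls this in the Filebeat 6.x system module is `var.convert_timezone`, which is off unless enabled in `modules.d/system.yml`.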