Hi,
I am experiencing a strange thing with the date in the syslog log in filebeat. I am using the default ingest node pipeline (logs-system.syslog-0.12.7) which creates a new timestamp based on the system.syslog.timestamp. But that new timestamp is 2 hours ahead (something with UTC?). So an event is visible in Kibana 2 hours after it occurred. Kibana settings are default, so date is browser dependend.
Thanks,
Herman
Management -> Kibana -> Advanced Settings -> Type tz in the search box if you want to find it quickly. Maybe that helps?
Hi Mario,
Thanks for your answer.
But this doesn’t help, my settings are default, so this one has already ‘browser’.
Herman
I think I found the answer. When changing the timezone in my Syslog server after the agent is enrolled the old time will appear in the logs.
Unenroll and re-enroll of the agent will solve the problem.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
