Time column it's different than @timestamp field in kibana

Fateme_Alizade · April 8, 2024, 9:37am

Hey guys!
I have troubling with time stuff in kibana and logstash
I have a filter pattern for my syslogs which its timestamp it's different than time column in kibana( My logs are shown in kibana 3 hours later )

here is my filter code for my sysligs which I'm collecting them from kubernetes pods

      date {
        match => [ "timestamp", "MMM dd HH:mm:ss" ]
        timezone => "Asia/Tehran"
    }

also I have a grok pattern like this:

syslog {
port => 6570
grok_pattern => "<%{POSINT:priority}>%{SYSLOGTIMESTAMP:timestamp} %{DATA:program}: %{GREEDYDATA:message}"

I have googled a hundred of pages but I couldn't find anything that matches my issue or maybe I missed it
Can anyone help me with this issue?

nickpeihl · April 8, 2024, 3:33pm

Hi Raha. I think you might need to change the default timestamp field in your Data View.

leandrojmp · April 8, 2024, 3:43pm

Please share the original message so it is possible to see how the timestamp field is being parsed.

The event you shared does not show how the timestamp field looks like.

Fateme_Alizade · April 8, 2024, 4:54pm

Issue was about this line

      date {
        **match => [ "timestamp", "MMM dd HH:mm:ss" ]**
        timezone => "Asia/Tehran"
    }

It couldn't match my timestamp with this format
I changed it to:

match => [ "timestamp", "MMM d HH:mm:ss" ]

and it resolved my issue

Topic		Replies	Views
Why is my timefield entry and @timestamp are different? Logstash	2	633	June 12, 2017
Custom timestamp Kibana	4	1585	July 6, 2017
Copying @timestamp in custom field not working Logstash	5	1894	July 6, 2017
@timestamp field not matching with the Actual log field in Kibana Logstash	3	1113	July 6, 2017
Time to timestamp issue Logstash	11	1010	February 15, 2018

Time column it's different than @timestamp field in kibana

Related topics