Time column it's different than @timestamp field in kibana

Fateme_Alizade · April 8, 2024, 9:37am

Hey guys!
I have troubling with time stuff in kibana and logstash
I have a filter pattern for my syslogs which its timestamp it's different than time column in kibana( My logs are shown in kibana 3 hours later )

here is my filter code for my sysligs which I'm collecting them from kubernetes pods

      date {
        match => [ "timestamp", "MMM dd HH:mm:ss" ]
        timezone => "Asia/Tehran"
    }

also I have a grok pattern like this:

syslog {
port => 6570
grok_pattern => "<%{POSINT:priority}>%{SYSLOGTIMESTAMP:timestamp} %{DATA:program}: %{GREEDYDATA:message}"

I have googled a hundred of pages but I couldn't find anything that matches my issue or maybe I missed it
Can anyone help me with this issue?

nickpeihl · April 8, 2024, 3:33pm

Hi Raha. I think you might need to change the default timestamp field in your Data View.

leandrojmp · April 8, 2024, 3:43pm

Please share the original message so it is possible to see how the timestamp field is being parsed.

The event you shared does not show how the timestamp field looks like.

Fateme_Alizade · April 8, 2024, 4:54pm

Issue was about this line

      date {
        **match => [ "timestamp", "MMM dd HH:mm:ss" ]**
        timezone => "Asia/Tehran"
    }

It couldn't match my timestamp with this format
I changed it to:

match => [ "timestamp", "MMM d HH:mm:ss" ]

and it resolved my issue

Topic		Replies	Views
Copying @timestamp in custom field not working Logstash	5	1894	July 6, 2017
Time Field issue Logstash	25	1436	December 24, 2018
Date parsing logstash Logstash	5	183	January 30, 2024
Kibana Index time field does not match @timestamp field Logstash	3	839	August 26, 2020
Different Timezones in syslog for some hosts Logstash	1	242	June 23, 2022

Time column it's different than @timestamp field in kibana

Related Topics