We have an ELK setup with Kibana version 5.6.10. We are facing a time mismatch when displaying logs from different servers.
We are fetching logs from 8 IIS servers and parsing them via Logstash into Elasticsearch and Kibana. While filtering logs for the past hour, we noticed that logs from only 2 servers were displayed. We have checked the Filebeat configuration on each IIS server and found the same configuration setup; we also verified the IIS log time format and other configurations.
We can see that indexing is happening properly in Elasticsearch, but filtering the display for one hour only returns results for 2 servers. If we filter for four hours, we can see multiple servers with different time values in the display.
We would like to know whether anyone has faced a similar issue, and we welcome a solution for it.