Hi,
This morning, our Logstash server crashed, due to which around 5 hours of logs were missed in Elasticsearch.
So, for recovery purposes, we consolidated all logs into a single file and parsed it through the Filebeat client. Using this method, all logs were inserted into the Elasticsearch index successfully, but we observed a @timestamp difference in the Kibana interface.
We are unable to extract/find logs using the "time range" feature of Kibana due to this timestamp difference.
We observed that the timestamp value perfectly matches the access log date-time, but the @timestamp value does not match.
Kindly find the screenshot for reference:
Our system is as below:
Filebeat --> Logstash --> Elasticsearch (3 servers in cluster) --> Kibana
Correct me if this ticket was raised in the wrong group.