@timestamp date different from index name date

varun1992 · February 17, 2020, 12:23pm

I am getting different dates in @timestamp field and _index name field as shown in picture

Capture

My filebeat.yml output as below

Capture1

Please help, Thanks

kvch · February 18, 2020, 5:13pm

@timestamp is the timestamp of the log and it gets inserted into the index ending in -2020.02.17 because it was read by Filebeat on 17/02/2020.
What is the problem or question?

Heber_Leandro · February 19, 2020, 2:55pm

why in this situation @timestamp is different, I don't understand.

shaunak · February 19, 2020, 3:02pm

@Heber_Leandro, in your screenshot it looks like the timestamp is off by exactly 3 hours. Also notice that the timestamp on the left side does not have a time zone whereas the one on the right side does (Z = Zulu = UTC). Are you, by any chance, viewing Kibana from a UTC-0300 time zone location?

Shaunak

Heber_Leandro · February 19, 2020, 6:32pm

yes I am. I think I understand now.

varun1992 · February 20, 2020, 7:07am

TimeStamp value is read by mssql module from the log itself. so it is not beat reading time, it should be actual log creation time. so it is the problem

varun1992 · February 24, 2020, 3:19pm

Any help ?

system · March 23, 2020, 3:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.