@timestamp date different from index name date

varun1992 · February 17, 2020, 12:23pm

I am getting different dates in @timestamp field and _index name field as shown in picture

Capture

My filebeat.yml output as below

Capture1

Please help, Thanks

kvch · February 18, 2020, 5:13pm

@timestamp is the timestamp of the log and it gets inserted into the index ending in -2020.02.17 because it was read by Filebeat on 17/02/2020.
What is the problem or question?

Heber_Leandro · February 19, 2020, 2:55pm

why in this situation @timestamp is different, I don't understand.

shaunak · February 19, 2020, 3:02pm

@Heber_Leandro, in your screenshot it looks like the timestamp is off by exactly 3 hours. Also notice that the timestamp on the left side does not have a time zone whereas the one on the right side does (Z = Zulu = UTC). Are you, by any chance, viewing Kibana from a UTC-0300 time zone location?

Shaunak

Heber_Leandro · February 19, 2020, 6:32pm

yes I am. I think I understand now.

varun1992 · February 20, 2020, 7:07am

TimeStamp value is read by mssql module from the log itself. so it is not beat reading time, it should be actual log creation time. so it is the problem

varun1992 · February 24, 2020, 3:19pm

Any help ?

system · March 23, 2020, 3:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with @timestamp time in indexes Beats filebeat	22	3028	April 7, 2020
@timestamp in log file getting replaced by processing time Beats filebeat	7	6524	July 19, 2016
@timestamp kibana and log time are differents Elasticsearch	3	5685	May 21, 2019
Is @timestamp in kibana from filebeat or logstash? Kibana	10	781	March 31, 2023
Filebeat harvests log from elasticsearch and store field 'timestamp' without converting to utc time Beats elastic-stack-monitoring , filebeat	4	584	February 14, 2019

@timestamp date different from index name date

Related topics