I have the problem that the time does not match the one in the log file.
What can I do about it ?
It only occurs with this log file (filebeat). On another system, where Logstash is running, this does not occur.
Unfortunately there is no Exim module for Logstash.
Can someone help me ?
I suppose it is a problem with timezone.
your local datetime may be
"2022-07-21 10:11:22+02:00"
but if imported to es without its timezone something like "2022-07-21 10:11:22",
it could be regarded as "2022-07-21 10:11:22Z" equals to "2022-07-21 12:11:22+02:00", which could be displayed as "2022-07-21 12:11:22" in kibana.
Try date filter plugin with timezone.
Elastic converts incoming time to UTC
Kibana converts it back to your local time.
check in kibana and this event should show up at 2022-07-21 10:11:22
Where do I check this and where do I set the time zone correctly ? On the server where ELK runs and where exim runs, the correct time zone is active.
You can use the dateFormat:tz advanced setting shown on Advanced Settings | Kibana Guide [master] | Elastic to change it to "UTC" to display UTC.
The default of Browser will show browser-local time according to your OS clock.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.