I have metricbeat and filebeat enabled for both system and kafka. MetricBeat seems to be sending the right data and the time is shown correct EDT. However FileBeat seems to be sending a time 4 hours behind EDT. I have confirmed that the convert_timezone is set to false everywhere.
Both Metricbeat and Filebeat convert the time to UTC when publishing events. Always. If a module has convert_timezone enabled, then filebeat will add the locale information and configure the ingest pipeline in Elasticsearch to convert the timestamp according to the locale later.
As filebeat itself does not parse the logs, the timestamp shipped with raw filebeat modules is the time a log line was read.
I am also having this issue with just elastic as a store. If I send data from my application to Elastic it assumes that the timestamp is GMT. How do I force EST? Add a timezone variable to my timestamp when I send it?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.