What is the default source of the @timestamp field in Filebeat?

I'm ingesting Syslog input with Filebeat, and I'd like to use the timestamp processor to adjust the timezone of the logs (my source is sending them in local time and Kibana is expecting UTC). According to the documentation, this processor requires the target_field option to specify the source of the time. However, I have no idea how my @timestamp is being generated! The time is contained only in the syslog message, but according to this forum post, you can't take the time from the syslog message. So - where does Filebeat go to find the time?

By default, Filebeat will set the timestamp field to the system time when the syslog message is received. You can parse or use another timestamp which matches your index mapping timestamp format.

Thank you @Sunile_Manjee - I'll take a look at that.

Aha - I had my system timezone set incorrectly. Simple fix!
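
An added example (not from the thread and not Filebeat's code) of why a wrong timezone assumption shifts the stored timestamp: an RFC 3164 header time carries no zone and no year, so whoever converts it to UTC has to assume both. The function names, offsets and sample timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone


def rfc3164_to_utc(stamp, utc_offset_hours, received_utc):
    """Convert an RFC 3164 header time ("Mmm dd hh:mm:ss") to an aware UTC datetime.

    stamp            -- header timestamp; it has no year and no zone
    utc_offset_hours -- offset the converter ASSUMES the sender used
    received_utc     -- aware datetime of receipt, used to infer the year
    """
    sender_tz = timezone(timedelta(hours=utc_offset_hours))
    # Infer the year from the receive time as seen in the sender's zone.
    year = received_utc.astimezone(sender_tz).year
    parsed = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    candidate = parsed.replace(tzinfo=sender_tz)
    # Year rollover: a "Dec 31" message processed after New Year would land
    # almost a year in the future, so move it back one year.
    if candidate - received_utc > timedelta(days=1):
        candidate = candidate.replace(year=candidate.year - 1)
    return candidate.astimezone(timezone.utc)


def skew_seconds(stamp, true_offset, assumed_offset, received_utc):
    """Seconds by which the stored time is off when the wrong offset is assumed."""
    correct = rfc3164_to_utc(stamp, true_offset, received_utc)
    wrong = rfc3164_to_utc(stamp, assumed_offset, received_utc)
    return (wrong - correct).total_seconds()


if __name__ == "__main__":
    # Constructed sample: sender clock is UTC+2, message received one second later.
    received = datetime(2023, 10, 11, 20, 14, 16, tzinfo=timezone.utc)
    stamp = "Oct 11 22:14:15"
    print("correct UTC :", rfc3164_to_utc(stamp, 2, received).isoformat())
    print("assumed UTC :", rfc3164_to_utc(stamp, 0, received).isoformat())
    print("skew (s)    :", skew_seconds(stamp, 2, 0, received))
```

A constant offset of a whole number of hours between event time and ingest time across one source is the usual sign of this kind of timezone mismatch.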
