Wrong timestamp suricata module

Hi. I'm having a problem with my Suricata logs in Kibana. My server and Kibana are configured with the time zone Europe/Lisbon. The eve.json logs have the correct timestamp. But when I move to Kibana, the logs are shown on a different day with different hours. Like, today is 3/10/2020 and the logs are shown as 1/10/2020.

What am i doing wrong?

How are you ingesting the data? Using Logstash or Filebeat? Share your pipelines if possible.

Also, can you share an example of your eve.json log or at least the field with the timestamp?

I am using filebeat and suricata module directly to ES.

[Screenshot attached: Screenshot 2020-10-03 at 16.46.01]

To see some data, I have to select a 48h range.

Is the log in your Discover screenshot the same as the one in the JSON? I can't see where the error could be.

Can you pick a log where the date shows up with different days in both Discover and the source JSON? Show in Discover all the date fields that your document has, not just the one used by the Kibana index pattern. Also, share the JSON document using the code feature </>; it is easier to read and to try to reproduce.
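As an added example for the comparison requested above (editor's code, not from anyone in the thread): a small script that parses the Suricata eve.json `timestamp` field, which Suricata writes as ISO 8601 with a numeric UTC offset, and prints the same instant in UTC (the form Elasticsearch stores in `@timestamp`) and in the expected local offset. The sample eve.json lines are constructed, and the expected offset of +1 hour (Europe/Lisbon in early October) is an assumption passed as a parameter.

```python
# Added example, not part of the original thread: normalise Suricata eve.json
# timestamps so the value in the file can be compared with what Elasticsearch
# stores (UTC) and with what Kibana renders in the browser's time zone.
import json
from datetime import datetime, timedelta, timezone

# Constructed sample lines in the eve.json layout; the timestamps are illustrative.
SAMPLE_EVE = """\
{"timestamp":"2020-10-03T16:46:01.123456+0100","event_type":"alert","src_ip":"10.0.0.5"}
{"timestamp":"2020-10-03T00:30:00.000000+0100","event_type":"flow","src_ip":"10.0.0.6"}
"""


def parse_eve_timestamp(value):
    # Suricata writes ISO 8601 with microseconds and a numeric offset such as
    # +0100 (or +01:00); %z accepts both forms.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def explain(line, expected_offset_hours=1):
    # expected_offset_hours is an assumption: +1 matches Europe/Lisbon in summer time.
    expected = timedelta(hours=expected_offset_hours)
    doc = json.loads(line)
    ts = parse_eve_timestamp(doc["timestamp"])
    utc = ts.astimezone(timezone.utc)
    local = ts.astimezone(timezone(expected))
    return {
        "eve": doc["timestamp"],
        "utc": utc.isoformat(),            # what @timestamp should hold in ES
        "utc_day": utc.date().isoformat(),
        "local": local.isoformat(),
        "local_day": local.date().isoformat(),
        # True when the offset written by Suricata is the one the server is expected to use.
        "offset_matches_expected": ts.utcoffset() == expected,
    }


def check_file(text, expected_offset_hours=1):
    # One result per non-empty eve.json line.
    return [explain(l, expected_offset_hours) for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for r in check_file(SAMPLE_EVE):
        print(r)
```

Run it against a few lines copied from the real eve.json and compare the `utc` value with the `@timestamp` of the same document in Discover; the second constructed line shows how an event near midnight local time lands on the previous calendar day once expressed in UTC.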

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.