everyone
I have a fresh new log center with ELK Search and Filebeat. When I access Kibana from the "Discover" menu, the Filebeat files are displayed with future dates (e.g. December 11th 2019, 11:31:55,000).
I already checked the timezone of the servers and they are all correct. I also changed the timezone in the Kibana advanced settings, but without success.
#filebeat.yml
filebeat:
  prospectors:
    -
      paths:
        - /var/log/secure
        - /var/log/messages
      input_type: log
      document_type: syslog
  registry_file: /var/lib/filebeat/registry
output:
  logstash:
    hosts: ["elk_server_ip:5044"]
    bulk_max_size: 1024
    tls:
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
shipper:
logging:
  files:
    rotateeverybytes: 10485760 # = 10MB
And here is the Logstash output:
# 30-elasticsearch-output.conf
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
Does anyone know how I can fix this?
The only change that Kibana makes to the dates is to show them in the browser timezone by default instead of showing them in UTC. The problem could be in the way the date is being parsed in your Logstash filter.
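An added illustration of the parsing problem the answer points to (not code from either post, and not Logstash's own logic): lines in /var/log/secure and /var/log/messages normally carry a timestamp with no year and no UTC offset, so the parser has to supply both. The thread does not show the Logstash filter, so the sample lines, the UTC+2 source zone, the "current" time and all function names below are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

SKEW = timedelta(minutes=5)                # tolerated clock drift between hosts
SOURCE_TZ = timezone(timedelta(hours=2))   # assumed zone of the log host (constructed)
FMT = "%Y %b %d %H:%M:%S"

# Constructed lines in the traditional syslog layout: no year, no UTC offset.
SAMPLE = [
    "Dec 11 11:31:55 web01 sshd[2211]: Accepted publickey for deploy",
    "Mar 20 13:30:00 web01 sudo: deploy : TTY=pts/0 ; COMMAND=/bin/ls",
]

def _stamp(line):
    # First three whitespace-separated fields: month, day, time.
    return " ".join(line.split()[:3])

def naive_parse(line, now):
    """Failure mode: assume the current year and read local time as UTC."""
    parsed = datetime.strptime(f"{now.year} {_stamp(line)}", FMT)
    return parsed.replace(tzinfo=timezone.utc)

def resolve(line, now, source_tz=SOURCE_TZ):
    """Use the source zone and the most recent year that is not in the future."""
    local_now = now.astimezone(source_tz)
    for year in (local_now.year, local_now.year - 1):
        try:
            parsed = datetime.strptime(f"{year} {_stamp(line)}", FMT)
        except ValueError:                 # Feb 29 in a non-leap year
            continue
        ts = parsed.replace(tzinfo=source_tz)
        if ts <= local_now + SKEW:
            return ts.astimezone(timezone.utc)
    raise ValueError(f"cannot place timestamp within the last year: {line!r}")

def future_events(lines, now, parser):
    """Return the lines whose parsed timestamp lies ahead of the indexer clock."""
    return [line for line in lines if parser(line, now) > now + SKEW]

if __name__ == "__main__":
    now = datetime(2019, 3, 20, 12, 0, tzinfo=timezone.utc)  # constructed clock
    for line in SAMPLE:
        print(naive_parse(line, now).isoformat(), "->", resolve(line, now).isoformat())
    print("future-dated when parsed naively:", len(future_events(SAMPLE, now, naive_parse)))
```

Running a check like `future_events` against what is already indexed separates the two causes: offsets of a few hours point at a missing timezone, offsets of months point at the year being guessed.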