search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.8k stars 8.19k forks source link

timestamp problem 5min delay #13869

Closed foxiiit closed 7 years ago

foxiiit commented 7 years ago

hello, still a newbie here I installed the 5.5 version of ElasticStack I have a time problem 5 min difference with the local time I do receive ossec logs 2017 Sep 06 00:05:03 WinEvtLog: Security: AUDIT_SUCCESS(4624) but the timestamp of kibana is September 5th 2017, 23:59:57.449

already checked the ossec server time and it is correct .. my logstash conf contain date { match => ["timestamp", "MMM dd HH:mm:ss", "MMM d HH:mm:ss", "MMM dd yyyy HH:mm:ss", "MMM d yyyy HH:mm:ss" ] timezone => "Africa/Tunis"

 } # date fin

any help .. thx

foxiiit commented 7 years ago

any help?

foxiiit commented 7 years ago

I tested the output of logstash and the time is correct but when I use beats the time is 5 min behind Any Idea ?

Bargs commented 7 years ago

Sounds like this is beats specific then? Could you try asking in the Beats discussion forum?