Filebeat system module: @timestamp is wrong

Beats | Author: Fan() | Published 2018-05-08 | Views: 4432

filebeat version 6.2.4 (amd64), libbeat 6.2.4
I'm using the system module to collect /var/log/secure logs. Today is 2018-05-07, so why is this @timestamp in August?
{
  "_index": "filebeat-6.2.4-2018.05.07",
  "_type": "doc",
  "_id": "jzyXOGMBqWknc0YExm9d",
  "_version": 1,
  "_score": null,
  "_source": {
    "@timestamp": "2018-08-08T23:31:35.000Z",
    "system": {
      "auth": {
        "hostname": "iZ23pn0u8g5Z",
        "ssh": {
          "geoip": {
            "continent_name": "Asia",
            "city_name": "Hangzhou",
            "country_iso_code": "CN",
            "region_name": "Zhejiang",
            "location": {
              "lon": 120.1614,
              "lat": 30.2936
            }
          },
          "method": "password",
          "port": "51496",
          "ip": "140.205.201.36",
          "event": "Failed"
        },
        "pid": "12206",
        "user": "ftp",
        "timestamp": "Aug 8 23:31:35"
      }
    },
    "offset": 3785499,
    "beat": {
      "hostname": "iZ23pn0u8g5Z",
      "name": "GN_PT_Slave6",
      "version": "6.2.4"
    },
    "prospector": {
      "type": "log"
    },
    "source": "/var/log/secure",
    "fileset": {
      "module": "system",
      "name": "auth"
    }
  },
  "fields": {
    "@timestamp": [
      "2018-08-08T23:31:35.000Z"
    ]
  },
  "sort": [
    1533771095000
  ]
}

Dm

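The @timestamp field is generated internally by ES and depends on the machine ES is deployed on. Can you check whether the time on the machine where ES is running is correct?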
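In the document posted in the question, @timestamp has the same month, day and time as system.auth.timestamp ("Aug 8 23:31:35"), a syslog-style value that carries no year. The following is an added example, not code from this thread or from Filebeat, showing how such a yearless timestamp can be flagged as future-dated and resolved against the ingest time; all function names, the sample ingest time of day and the one-day skew tolerance are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: the yearless value of system.auth.timestamp from the
# document above, and an ingest time on the date in its index name
# (the time of day is an assumption).
SAMPLE_TS = "Aug 8 23:31:35"
SAMPLE_INGEST = datetime(2018, 5, 7, 12, 0, 0)
MAX_SKEW = timedelta(days=1)  # assumed tolerance for clock drift / time zones


def parse_with_year(ts, year):
    """Parse a 'Mon d HH:MM:SS' syslog timestamp using an explicit year."""
    # split/join collapses the padding in 'Aug  8'; %b expects English month names.
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def naive_current_year(ts, reference):
    """Assume the line was written in the reference year."""
    return parse_with_year(ts, reference.year)


def is_future_dated(event_time, reference):
    """True when an event claims a time later than reference + MAX_SKEW."""
    return event_time > reference + MAX_SKEW


def resolve_year(ts, reference):
    """Pick the latest year that does not place the event in the future."""
    for year in range(reference.year, reference.year - 8, -1):
        try:
            candidate = parse_with_year(ts, year)
        except ValueError:  # 'Feb 29' in a non-leap year
            continue
        if not is_future_dated(candidate, reference):
            return candidate
    raise ValueError(f"no plausible year for {ts!r}")


if __name__ == "__main__":
    naive = naive_current_year(SAMPLE_TS, SAMPLE_INGEST)
    print("current-year guess:", naive.isoformat(),
          "future-dated:", is_future_dated(naive, SAMPLE_INGEST))
    print("resolved:          ", resolve_year(SAMPLE_TS, SAMPLE_INGEST).isoformat())
```

For authentication logs, the future-dated check is also useful on its own as a data-quality alert, since events dated ahead of ingest time fall outside the time windows that failed-login searches normally cover.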
