SOC timestamp different from ElasticSearch #9645
Replies: 1 comment
-
I'm seeing something similar on my own Fortinet logs -- in my case, the difference is UTC vs. local time zone. Is it the same for you?
-
Hi all,
Recently I added a Fortinet module from Filebeat. Works well, but the timezone wasn't correct, so I edited the pipeline to do so.
Worked fine too.
But now the timestamps from SOC and ElasticSearch are different. See screenshot.

The @timestamp field on the log is the correct one, and the SOC Timestamp is wrong.
Edit 1: The pipeline came back to ingest in the wrong timezone.