Well, compare the logs!
If we can parse your timestamp, you will notice that the timestamp in your log is exactly the timestamp shown in Kibana.
For example:
(Please note the +0000 section, which indicates UTC; my Kibana is at GMT+2, hence the two-hour time difference.)
And if we can't extract a timestamp from the log, we will add a timestamp to it as soon as we receive it, to be as accurate as possible, but there may be a delay depending on your shipping method, bulk size, etc.
It will look like this:
Timestamp extraction depends on the log type, so make sure you are shipping one of our out-of-the-box supported formats, or that you have contacted us to get custom parsing.
If you are sending your logs as JSON, just fill in your timestamp in the @timestamp field, in this format:
yyyy-MM-dd'T'HH:mm:ss.SSSZ e.g. 2016-01-06T12:14:00.000Z
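One way to produce that field from application code, so that the event time rather than the receive time ends up in Kibana. This is an added example, not code from the original page or from the vendor; the helper names (to_at_timestamp, JsonTimestampFormatter, format_at) and the extra JSON fields are assumptions chosen for illustration.

```python
import json
import logging
from datetime import datetime, timedelta, timezone


def to_at_timestamp(dt: datetime) -> str:
    """Render an aware datetime as UTC with millisecond precision and a trailing Z."""
    if dt.tzinfo is None:
        # A naive local time would silently shift the event on the timeline.
        raise ValueError("naive datetime: attach a timezone before shipping")
    utc = dt.astimezone(timezone.utc)
    return utc.strftime("%Y-%m-%dT%H:%M:%S.") + f"{utc.microsecond // 1000:03d}Z"


class JsonTimestampFormatter(logging.Formatter):
    """Emit each record as one JSON object carrying its own @timestamp."""

    def format(self, record: logging.LogRecord) -> str:
        # record.created is the epoch time at which the event was logged.
        event_time = datetime.fromtimestamp(record.created, tz=timezone.utc)
        return json.dumps({
            "@timestamp": to_at_timestamp(event_time),
            "level": record.levelname,
            "logger": record.name,
            "message": record.getMessage(),
        })


def format_at(epoch_seconds: float, message: str) -> str:
    """Format a constructed record with a fixed creation time (for demonstration)."""
    record = logging.LogRecord("app", logging.INFO, "example.py", 0, message, None, None)
    record.created = epoch_seconds
    return JsonTimestampFormatter().format(record)


if __name__ == "__main__":
    # Constructed sample: 14:14 local time at GMT+2 is 12:14 UTC.
    local = datetime(2016, 1, 6, 14, 14, 0, tzinfo=timezone(timedelta(hours=2)))
    print(to_at_timestamp(local))
    print(format_at(local.timestamp(), "user login succeeded"))
```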