diff --git a/filebeat/docs/include/var-convert-timezone.asciidoc b/filebeat/docs/include/var-convert-timezone.asciidoc deleted file mode 100644 index c4a18b7d9fa0..000000000000 --- a/filebeat/docs/include/var-convert-timezone.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -*`var.convert_timezone`*:: - -If this option is enabled, Filebeat reads the local timezone and uses it at log -parsing time to convert the timestamp to UTC. The local timezone is also added -in each event in a dedicated field (`event.timezone`). The conversion is only -possible in Elasticsearch >= 6.1. If the Elasticsearch version is less than 6.1, -the `event.timezone` field is added, but the conversion to UTC is not made. The -default is -ifdef::default_convert_timezone[`true`] -ifndef::default_convert_timezone[`false`] diff --git a/filebeat/docs/modules/kafka.asciidoc b/filebeat/docs/modules/kafka.asciidoc index 54d7b69eb431..05525dfc2294 100644 --- a/filebeat/docs/modules/kafka.asciidoc +++ b/filebeat/docs/modules/kafka.asciidoc @@ -64,7 +64,7 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] -include::../include/var-convert-timezone.asciidoc[] +include::../include/timezone-support.asciidoc[] :has-dashboards!: diff --git a/filebeat/docs/modules/rabbitmq.asciidoc b/filebeat/docs/modules/rabbitmq.asciidoc index 89a54775c236..df3c0e472fbe 100644 --- a/filebeat/docs/modules/rabbitmq.asciidoc +++ b/filebeat/docs/modules/rabbitmq.asciidoc @@ -52,14 +52,11 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] -:default_convert_timezone: true - -include::../include/var-convert-timezone.asciidoc[] +include::../include/timezone-support.asciidoc[] :has-dashboards!: :fileset_ex!: -:default_convert_timezone!: :modulename!: diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 71ecb1f09e0e..a71877610855 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -86,9 +86,6 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - gc: enabled: true # Set custom paths for the log files. If left empty, @@ -101,28 +98,18 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - slowlog: enabled: true # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - deprecation: enabled: true # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - - #------------------------------- Haproxy Module ------------------------------- - module: haproxy # All logs @@ -214,9 +201,6 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - #-------------------------------- Kibana Module -------------------------------- - module: kibana # All logs @@ -308,9 +292,6 @@ filebeat.modules: # can be added under this section. #input: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - # Error logs #error: #enabled: true @@ -323,9 +304,6 @@ filebeat.modules: # can be added under this section. #input: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - #------------------------------- Osquery Module ------------------------------- - module: osquery result: diff --git a/filebeat/module/elasticsearch/_meta/config.yml b/filebeat/module/elasticsearch/_meta/config.yml index 3105d5803792..0c2562f27969 100644 --- a/filebeat/module/elasticsearch/_meta/config.yml +++ b/filebeat/module/elasticsearch/_meta/config.yml @@ -7,9 +7,6 @@ # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - gc: enabled: true # Set custom paths for the log files. If left empty, @@ -22,24 +19,14 @@ # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - slowlog: enabled: true # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - deprecation: enabled: true # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - diff --git a/filebeat/module/elasticsearch/audit/config/audit.yml b/filebeat/module/elasticsearch/audit/config/audit.yml index 4e6434053401..d96242ac040d 100644 --- a/filebeat/module/elasticsearch/audit/config/audit.yml +++ b/filebeat/module/elasticsearch/audit/config/audit.yml @@ -5,7 +5,5 @@ paths: {{ end }} exclude_files: [".gz$"] -{{ if .convert_timezone }} processors: - add_locale: ~ -{{ end }} diff --git a/filebeat/module/elasticsearch/audit/manifest.yml b/filebeat/module/elasticsearch/audit/manifest.yml index ed85d3601011..1335a5c25c57 100644 --- a/filebeat/module/elasticsearch/audit/manifest.yml +++ b/filebeat/module/elasticsearch/audit/manifest.yml @@ -14,13 +14,6 @@ var: - c:/ProgramData/Elastic/Elasticsearch/logs/*_access.log - c:/ProgramData/Elastic/Elasticsearch/logs/*_audit.log - c:/ProgramData/Elastic/Elasticsearch/logs/*_audit.json - - name: convert_timezone - default: false - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false ingest_pipeline: - ingest/pipeline.json diff --git a/filebeat/module/elasticsearch/deprecation/config/log.yml b/filebeat/module/elasticsearch/deprecation/config/log.yml index e7c07ee6ec2e..fa541cde1c66 100644 --- a/filebeat/module/elasticsearch/deprecation/config/log.yml +++ b/filebeat/module/elasticsearch/deprecation/config/log.yml @@ -9,8 +9,5 @@ multiline: negate: true match: after -{{ if .convert_timezone }} processors: - add_locale: ~ -{{ end }} - diff --git a/filebeat/module/elasticsearch/deprecation/manifest.yml b/filebeat/module/elasticsearch/deprecation/manifest.yml index 46389067c5ff..a6332145175e 100644 --- a/filebeat/module/elasticsearch/deprecation/manifest.yml +++ b/filebeat/module/elasticsearch/deprecation/manifest.yml @@ -11,13 +11,6 @@ var: os.windows: - c:/ProgramData/Elastic/Elasticsearch/logs/*_deprecation.log - c:/ProgramData/Elastic/Elasticsearch/logs/*_deprecation.json - - name: convert_timezone - default: false - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false ingest_pipeline: - ingest/pipeline.json diff --git a/filebeat/module/elasticsearch/server/config/log.yml b/filebeat/module/elasticsearch/server/config/log.yml index 0cd908367126..37c2e58592bc 100644 --- a/filebeat/module/elasticsearch/server/config/log.yml +++ b/filebeat/module/elasticsearch/server/config/log.yml @@ -9,8 +9,6 @@ multiline: negate: true match: after -{{ if .convert_timezone }} processors: - add_locale: ~ -{{ end }} diff --git a/filebeat/module/elasticsearch/server/manifest.yml b/filebeat/module/elasticsearch/server/manifest.yml index cb240d5a512d..ae0399a86905 100644 --- a/filebeat/module/elasticsearch/server/manifest.yml +++ b/filebeat/module/elasticsearch/server/manifest.yml @@ -11,13 +11,6 @@ var: os.windows: - c:/ProgramData/Elastic/Elasticsearch/logs/*.log - c:/ProgramData/Elastic/Elasticsearch/logs/*_server.json - - name: convert_timezone - default: false - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false ingest_pipeline: - ingest/pipeline.json diff --git a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml index bcacf308e095..e255eaacbfea 100644 --- a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml +++ b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml @@ -10,7 +10,5 @@ multiline: negate: true match: after -{{ if .convert_timezone }} processors: - add_locale: ~ -{{ end }} diff --git a/filebeat/module/elasticsearch/slowlog/manifest.yml b/filebeat/module/elasticsearch/slowlog/manifest.yml index 0e839abd39dd..e17acada0521 100644 --- a/filebeat/module/elasticsearch/slowlog/manifest.yml +++ b/filebeat/module/elasticsearch/slowlog/manifest.yml @@ -17,13 +17,6 @@ var: - c:/ProgramData/Elastic/Elasticsearch/logs/*_index_indexing_slowlog.log - c:/ProgramData/Elastic/Elasticsearch/logs/*_index_search_slowlog.json - c:/ProgramData/Elastic/Elasticsearch/logs/*_index_indexing_slowlog.json - - name: convert_timezone - default: false - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false ingest_pipeline: - ingest/pipeline.json diff --git a/filebeat/module/kafka/_meta/config.yml b/filebeat/module/kafka/_meta/config.yml index 9193a87a5fc9..cbda5709c399 100644 --- a/filebeat/module/kafka/_meta/config.yml +++ b/filebeat/module/kafka/_meta/config.yml @@ -10,6 +10,3 @@ # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false diff --git a/filebeat/module/kafka/_meta/docs.asciidoc b/filebeat/module/kafka/_meta/docs.asciidoc index 25625374898a..ca0068f85fa3 100644 --- a/filebeat/module/kafka/_meta/docs.asciidoc +++ b/filebeat/module/kafka/_meta/docs.asciidoc @@ -59,7 +59,7 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] -include::../include/var-convert-timezone.asciidoc[] +include::../include/timezone-support.asciidoc[] :has-dashboards!: diff --git a/filebeat/module/kafka/log/config/log.yml b/filebeat/module/kafka/log/config/log.yml index 2aec4b7b218e..fc64b9097c7a 100644 --- a/filebeat/module/kafka/log/config/log.yml +++ b/filebeat/module/kafka/log/config/log.yml @@ -8,7 +8,5 @@ multiline: pattern: '^\[' negate: true match: after -{{ if .convert_timezone }} processors: - add_locale: ~ -{{ end }} diff --git a/filebeat/module/kafka/log/manifest.yml b/filebeat/module/kafka/log/manifest.yml index bdf24847b008..97ea201ec89d 100644 --- a/filebeat/module/kafka/log/manifest.yml +++ b/filebeat/module/kafka/log/manifest.yml @@ -9,13 +9,6 @@ var: - "{{.kafka_home}}/logs/server.log*" - "{{.kafka_home}}/logs/state-change.log*" - "{{.kafka_home}}/logs/kafka-*.log*" - - name: convert_timezone - default: false - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false ingest_pipeline: ingest/pipeline.json input: config/log.yml diff --git a/filebeat/module/logstash/_meta/config.yml b/filebeat/module/logstash/_meta/config.yml index 0a594550d749..acacaaafa892 100644 --- a/filebeat/module/logstash/_meta/config.yml +++ b/filebeat/module/logstash/_meta/config.yml @@ -7,15 +7,9 @@ # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - # Slow logs slowlog: enabled: true # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false diff --git a/filebeat/module/logstash/log/config/log.yml b/filebeat/module/logstash/log/config/log.yml index 8ecf4e1db784..8d2e78e77521 100644 --- a/filebeat/module/logstash/log/config/log.yml +++ b/filebeat/module/logstash/log/config/log.yml @@ -12,7 +12,5 @@ multiline: match: after {{ end }} -{{ if .convert_timezone }} processors: - add_locale: ~ -{{ end }} diff --git a/filebeat/module/logstash/log/manifest.yml b/filebeat/module/logstash/log/manifest.yml index e7525241885a..696adeebbde2 100644 --- a/filebeat/module/logstash/log/manifest.yml +++ b/filebeat/module/logstash/log/manifest.yml @@ -8,13 +8,6 @@ var: - /var/log/logstash/logstash-{{.format}}*.log os.windows: - c:/programdata/logstash/logs/logstash-{{.format}}*.log - - name: convert_timezone - default: false - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false ingest_pipeline: ingest/pipeline-{{.format}}.json input: config/log.yml diff --git a/filebeat/module/logstash/slowlog/config/slowlog.yml b/filebeat/module/logstash/slowlog/config/slowlog.yml index 4e6434053401..d96242ac040d 100644 --- a/filebeat/module/logstash/slowlog/config/slowlog.yml +++ b/filebeat/module/logstash/slowlog/config/slowlog.yml @@ -5,7 +5,5 @@ paths: {{ end }} exclude_files: [".gz$"] -{{ if .convert_timezone }} processors: - add_locale: ~ -{{ end }} diff --git a/filebeat/module/logstash/slowlog/manifest.yml b/filebeat/module/logstash/slowlog/manifest.yml index 25f0118fbf6a..41d534bc8db8 100644 --- a/filebeat/module/logstash/slowlog/manifest.yml +++ b/filebeat/module/logstash/slowlog/manifest.yml @@ -8,13 +8,6 @@ var: - /var/log/logstash/logstash-slowlog-{{.format}}*.log os.windows: - c:/programdata/logstash/logs/logstash-slowlog-{{.format}}*.log - - name: convert_timezone - default: false - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false ingest_pipeline: ingest/pipeline-{{.format}}.json input: config/slowlog.yml diff --git a/filebeat/module/nginx/_meta/config.reference.yml b/filebeat/module/nginx/_meta/config.reference.yml index 94a8d84b2c74..572341217e65 100644 --- a/filebeat/module/nginx/_meta/config.reference.yml +++ b/filebeat/module/nginx/_meta/config.reference.yml @@ -11,9 +11,6 @@ # can be added under this section. #input: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - # Error logs #error: #enabled: true @@ -25,6 +22,3 @@ # Input configuration (advanced). Any input configuration option # can be added under this section. #input: - - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false diff --git a/filebeat/module/nginx/_meta/config.yml b/filebeat/module/nginx/_meta/config.yml index e117f33ecb50..22fe90e486e4 100644 --- a/filebeat/module/nginx/_meta/config.yml +++ b/filebeat/module/nginx/_meta/config.yml @@ -7,9 +7,6 @@ # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: true - # Error logs error: enabled: true @@ -17,6 +14,3 @@ # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: true diff --git a/filebeat/module/nginx/access/config/nginx-access.yml b/filebeat/module/nginx/access/config/nginx-access.yml index 4e6434053401..d96242ac040d 100644 --- a/filebeat/module/nginx/access/config/nginx-access.yml +++ b/filebeat/module/nginx/access/config/nginx-access.yml @@ -5,7 +5,5 @@ paths: {{ end }} exclude_files: [".gz$"] -{{ if .convert_timezone }} processors: - add_locale: ~ -{{ end }} diff --git a/filebeat/module/nginx/access/manifest.yml b/filebeat/module/nginx/access/manifest.yml index 6ff64f6496f9..a0fede4ed51d 100644 --- a/filebeat/module/nginx/access/manifest.yml +++ b/filebeat/module/nginx/access/manifest.yml @@ -8,13 +8,6 @@ var: - /usr/local/var/log/nginx/access.log* os.windows: - c:/programdata/nginx/logs/*access.log* - - name: convert_timezone - default: false - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false ingest_pipeline: ingest/default.json input: config/nginx-access.yml diff --git a/filebeat/module/nginx/error/config/nginx-error.yml b/filebeat/module/nginx/error/config/nginx-error.yml index 4e6434053401..d96242ac040d 100644 --- a/filebeat/module/nginx/error/config/nginx-error.yml +++ b/filebeat/module/nginx/error/config/nginx-error.yml @@ -5,7 +5,5 @@ paths: {{ end }} exclude_files: [".gz$"] -{{ if .convert_timezone }} processors: - add_locale: ~ -{{ end }} diff --git a/filebeat/module/nginx/error/manifest.yml b/filebeat/module/nginx/error/manifest.yml index f050bfaad9a3..641ec771bbb3 100644 --- a/filebeat/module/nginx/error/manifest.yml +++ b/filebeat/module/nginx/error/manifest.yml @@ -8,13 +8,6 @@ var: - /usr/local/var/log/nginx/error.log* os.windows: - c:/programdata/nginx/logs/error.log* - - name: convert_timezone - default: false - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false ingest_pipeline: ingest/pipeline.json input: config/nginx-error.yml diff --git a/filebeat/modules.d/elasticsearch.yml.disabled b/filebeat/modules.d/elasticsearch.yml.disabled index 986a7a881371..4db2df4eaea3 100644 --- a/filebeat/modules.d/elasticsearch.yml.disabled +++ b/filebeat/modules.d/elasticsearch.yml.disabled @@ -10,9 +10,6 @@ # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - gc: enabled: true # Set custom paths for the log files. If left empty, @@ -25,24 +22,14 @@ # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - slowlog: enabled: true # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - deprecation: enabled: true # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - diff --git a/filebeat/modules.d/kafka.yml.disabled b/filebeat/modules.d/kafka.yml.disabled index ec6b533399b1..9d1b367b5c3e 100644 --- a/filebeat/modules.d/kafka.yml.disabled +++ b/filebeat/modules.d/kafka.yml.disabled @@ -13,6 +13,3 @@ # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false diff --git a/filebeat/modules.d/logstash.yml.disabled b/filebeat/modules.d/logstash.yml.disabled index a7590063872a..53091a8a411c 100644 --- a/filebeat/modules.d/logstash.yml.disabled +++ b/filebeat/modules.d/logstash.yml.disabled @@ -10,15 +10,9 @@ # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - # Slow logs slowlog: enabled: true # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false diff --git a/filebeat/modules.d/nginx.yml.disabled b/filebeat/modules.d/nginx.yml.disabled index 590fd3e9c4ad..cc77a6b34596 100644 --- a/filebeat/modules.d/nginx.yml.disabled +++ b/filebeat/modules.d/nginx.yml.disabled @@ -10,9 +10,6 @@ # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: true - # Error logs error: enabled: true @@ -20,6 +17,3 @@ # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: true diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index dd98c7ae84d9..4243e9b76cf2 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -123,8 +123,6 @@ def run_on_file(self, module, fileset, test_file, cfgfile): "-M", "{module}.*.enabled=false".format(module=module), "-M", "{module}.{fileset}.enabled=true".format( module=module, fileset=fileset), - "-M", "{module}.{fileset}.var.convert_timezone=true".format( - module=module, fileset=fileset), "-M", "{module}.{fileset}.var.input=file".format( module=module, fileset=fileset), "-M", "{module}.{fileset}.var.paths=[{test_file}]".format( diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index b1d412da7b11..21f43d0462ca 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -113,9 +113,6 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - gc: enabled: true # Set custom paths for the log files. If left empty, @@ -128,28 +125,18 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - slowlog: enabled: true # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - deprecation: enabled: true # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - - #------------------------------ Envoyproxy Module ------------------------------ - module: envoyproxy # Fileset for native deployment @@ -263,9 +250,6 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - #-------------------------------- Kibana Module -------------------------------- - module: kibana # All logs @@ -375,9 +359,6 @@ filebeat.modules: # can be added under this section. #input: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - # Error logs #error: #enabled: true @@ -390,9 +371,6 @@ filebeat.modules: # can be added under this section. #input: - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - #------------------------------- Osquery Module ------------------------------- - module: osquery result: @@ -443,9 +421,6 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: ["/var/log/rabbitmq/rabbit@localhost.log*"] - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false - #-------------------------------- Redis Module -------------------------------- #- module: redis # Main logs diff --git a/x-pack/filebeat/module/cisco/asa/config/input.yml b/x-pack/filebeat/module/cisco/asa/config/input.yml index 18098200fc3e..32e87abc8388 100644 --- a/x-pack/filebeat/module/cisco/asa/config/input.yml +++ b/x-pack/filebeat/module/cisco/asa/config/input.yml @@ -18,6 +18,4 @@ exclude_files: [".gz$"] tags: {{.tags}} processors: -{{ if .convert_timezone }} - add_locale: ~ -{{ end }} diff --git a/x-pack/filebeat/module/cisco/asa/manifest.yml b/x-pack/filebeat/module/cisco/asa/manifest.yml index b92607f91688..0366432ca7a6 100644 --- a/x-pack/filebeat/module/cisco/asa/manifest.yml +++ b/x-pack/filebeat/module/cisco/asa/manifest.yml @@ -12,8 +12,6 @@ var: default: 9001 - name: input default: syslog - - name: convert_timezone - default: false - name: log_level default: 7 # if ES < 6.1.0, this flag switches to false automatically when evaluating the diff --git a/x-pack/filebeat/module/iptables/log/config/input.yml b/x-pack/filebeat/module/iptables/log/config/input.yml index 20fe0d35af43..c1008a7fcc85 100644 --- a/x-pack/filebeat/module/iptables/log/config/input.yml +++ b/x-pack/filebeat/module/iptables/log/config/input.yml @@ -18,9 +18,7 @@ exclude_files: [".gz$"] tags: {{.tags}} processors: -{{ if .convert_timezone }} - add_locale: ~ -{{ end }} {{ if .community_id }} - dissect: tokenizer: "%{} SRC=%{source.ip} DST=%{destination.ip} " diff --git a/x-pack/filebeat/module/iptables/log/manifest.yml b/x-pack/filebeat/module/iptables/log/manifest.yml index f3604a1bca45..adbe7e8fdb00 100644 --- a/x-pack/filebeat/module/iptables/log/manifest.yml +++ b/x-pack/filebeat/module/iptables/log/manifest.yml @@ -12,13 +12,6 @@ var: default: 9001 - name: input default: syslog - - name: convert_timezone - default: false - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false - name: community_id default: true diff --git a/x-pack/filebeat/module/mssql/log/config/config.yml b/x-pack/filebeat/module/mssql/log/config/config.yml index 7af7d54f8a1c..5e2e11c6a341 100644 --- a/x-pack/filebeat/module/mssql/log/config/config.yml +++ b/x-pack/filebeat/module/mssql/log/config/config.yml @@ -9,7 +9,5 @@ multiline.pattern: '^\d\d' multiline.negate: true multiline.match: after -{{ if .convert_timezone }} processors: - add_locale: ~ -{{ end }} diff --git a/x-pack/filebeat/module/mssql/log/manifest.yml b/x-pack/filebeat/module/mssql/log/manifest.yml index f4c5f7b66a97..fb1b70c9f96a 100644 --- a/x-pack/filebeat/module/mssql/log/manifest.yml +++ b/x-pack/filebeat/module/mssql/log/manifest.yml @@ -10,13 +10,6 @@ var: - c:\ProgramFiles\Microsoft SQL Server\MSSQL.1MSSQL\LOG\ERRORLOG* os.linux: - /var/opt/mssql/log/error* - - name: convert_timezone - default: true - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false ingest_pipeline: ingest/pipeline.json input: config/config.yml diff --git a/x-pack/filebeat/module/panw/panos/config/input.yml b/x-pack/filebeat/module/panw/panos/config/input.yml index 0a143adcfcc4..5ff8f7216fa7 100644 --- a/x-pack/filebeat/module/panw/panos/config/input.yml +++ b/x-pack/filebeat/module/panw/panos/config/input.yml @@ -18,9 +18,7 @@ exclude_files: [".gz$"] tags: {{.tags}} processors: -{{ if .convert_timezone }} - add_locale: ~ -{{ end }} - decode_csv_fields: fields: diff --git a/x-pack/filebeat/module/panw/panos/manifest.yml b/x-pack/filebeat/module/panw/panos/manifest.yml index f6265abad1ec..4c356d650809 100644 --- a/x-pack/filebeat/module/panw/panos/manifest.yml +++ b/x-pack/filebeat/module/panw/panos/manifest.yml @@ -12,13 +12,6 @@ var: default: 9001 - name: input default: syslog - - name: convert_timezone - default: false - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false - name: community_id default: true diff --git a/x-pack/filebeat/module/rabbitmq/_meta/config.yml b/x-pack/filebeat/module/rabbitmq/_meta/config.yml index ee6144f3d152..246c13225c6a 100644 --- a/x-pack/filebeat/module/rabbitmq/_meta/config.yml +++ b/x-pack/filebeat/module/rabbitmq/_meta/config.yml @@ -6,6 +6,3 @@ # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: ["/var/log/rabbitmq/rabbit@localhost.log*"] - - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false diff --git a/x-pack/filebeat/module/rabbitmq/_meta/docs.asciidoc b/x-pack/filebeat/module/rabbitmq/_meta/docs.asciidoc index 21497b1c28d5..0c5c69a2d5b9 100644 --- a/x-pack/filebeat/module/rabbitmq/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/rabbitmq/_meta/docs.asciidoc @@ -47,13 +47,10 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] -:default_convert_timezone: true - -include::../include/var-convert-timezone.asciidoc[] +include::../include/timezone-support.asciidoc[] :has-dashboards!: :fileset_ex!: -:default_convert_timezone!: :modulename!: diff --git a/x-pack/filebeat/module/rabbitmq/log/config/log.yml b/x-pack/filebeat/module/rabbitmq/log/config/log.yml index c25012ab3158..c584a841aa3e 100644 --- a/x-pack/filebeat/module/rabbitmq/log/config/log.yml +++ b/x-pack/filebeat/module/rabbitmq/log/config/log.yml @@ -14,6 +14,4 @@ multiline: match: after processors: -{{ if .convert_timezone }} - add_locale: ~ -{{ end }} \ No newline at end of file diff --git a/x-pack/filebeat/module/rabbitmq/log/manifest.yml b/x-pack/filebeat/module/rabbitmq/log/manifest.yml index da9f7d150b95..6ec5ae57f0f7 100644 --- a/x-pack/filebeat/module/rabbitmq/log/manifest.yml +++ b/x-pack/filebeat/module/rabbitmq/log/manifest.yml @@ -8,12 +8,5 @@ var: - ${RABBITMQ_LOGS:/usr/local/var/log/rabbitmq/rabbit@localhost.log*} os.windows: #- '%APPDATA%\RabbitMQ\log\rabbit@localhost.log*' - - name: convert_timezone - default: true - # if ES < 6.1.0, this flag switches to false automatically when evaluating the - # pipeline - min_elasticsearch_version: - version: 6.1.0 - value: false ingest_pipeline: ingest/pipeline.yml input: config/log.yml diff --git a/x-pack/filebeat/modules.d/rabbitmq.yml.disabled b/x-pack/filebeat/modules.d/rabbitmq.yml.disabled index 5e8ff1eb225b..c446834f99e0 100644 --- a/x-pack/filebeat/modules.d/rabbitmq.yml.disabled +++ b/x-pack/filebeat/modules.d/rabbitmq.yml.disabled @@ -9,6 +9,3 @@ # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: ["/var/log/rabbitmq/rabbit@localhost.log*"] - - # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1. - #var.convert_timezone: false