Hello!
There are servers with different timezones on them. The problem is, when their logs are shipped via Syslog to Graylog, they won’t get displayed in a relative search. Instead one has to use absolute one.
I suppose, that’s because Graylog shows logs basing on the timestamp in them, right? Is there a way to change that behaviour so as to it’d show logs with any timezone at the current moment (perhaps basing on its own local timezone, not one from the clients)?
Thanks!
does your timestamps contain information about the timezones? Cause Graylog will take the timestamp as UTC if no information about a timezone is given.
Yeah, it seems they do. I see, so if I want to Graylog to display all logs, I need to tweak the timezone in them, right?
Does Graylog have some setting or a parameter, say, to ignore the timezone in the timestamps?
the easy solution from Graylog point of view - add timezone information to the logged time.
The not so easy solution is to take the timestamp and decide based on the device what timezone that is and apply the filter.
That is done using the processing pipeline - as the most flexible solution. We have multiple entries in this community that describe exactly how to.
I see. Ok, thanks a lot!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
