I’m having a hard time figuring this out. My FortiGate is sending to my Graylog, which goes fine. I even tried to work with pipelines and set the epoch timestamp to timestamp, but those date/times are the same. The FortiGate already logs in my timezone, so when I try to search stuff, it’s always an hour behind because my profile is set to timezone Amsterdam. So I have to use absolute, change end date to +1 hour or +1 year to get realtime data. Where does this go wrong? My servers are also running in tz Europe/Amsterdam.
Figured it out. In the syslog message from the FortiGate there is a TZ field which is set to +0100. I guess Graylog doesn’t automatically recognize it. So I did the pipeline suggestion in here.
All works out now.
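The one-hour offset described in this thread, reproduced as an added example that is not part of the original posts or of any Graylog or Fortinet code: it parses a constructed FortiGate-style key=value line and compares the timestamp obtained when the tz offset is applied with the one obtained when the wall-clock time is taken as UTC. The field names `date`, `time` and `tz`, and the sample line itself, are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample line; the field names date, time and tz are assumed.
SAMPLE = ('date=2024-01-15 time=14:30:00 devname="fw-example" '
          'tz="+0100" type="traffic" action="accept"')

# Matches key=value and key="quoted value" pairs.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line: str) -> dict:
    """Split a key=value log line into a dict of strings."""
    return {key: (quoted if quoted else bare)
            for key, quoted, bare in KV.findall(line)}


def event_time_utc(fields: dict) -> datetime:
    """Apply the offset the firewall sent and return an aware UTC datetime."""
    # Assumption: a message without tz is treated as already being in UTC.
    stamp = f"{fields['date']} {fields['time']} {fields.get('tz', '+0000')}"
    local = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S %z")
    return local.astimezone(timezone.utc)


def naive_as_utc(fields: dict) -> datetime:
    """What gets stored when tz is ignored and the wall clock is read as UTC."""
    wall = datetime.strptime(f"{fields['date']} {fields['time']}",
                             "%Y-%m-%d %H:%M:%S")
    return wall.replace(tzinfo=timezone.utc)


def skew(fields: dict) -> timedelta:
    """How far into the future the stored timestamp lands when tz is ignored."""
    return naive_as_utc(fields) - event_time_utc(fields)


if __name__ == "__main__":
    f = parse_kv(SAMPLE)
    print("with tz applied :", event_time_utc(f).isoformat())
    print("tz ignored      :", naive_as_utc(f).isoformat())
    print("skew            :", skew(f))
```

A positive skew means new messages are stored with a timestamp ahead of the real time, so a relative search only returns them once the clock catches up.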