I send syslog messages from a Fortigate 60D, and the timestamp provided in the syslog message is in the system's local time (GMT +1), meaning 12:00 (11:00 Z). Graylog interprets it as UTC, which leads to the following issue:
In this picture the timestamp is set to 16:18:47.000Z, but this time is sent to Graylog in GMT +1 and Graylog interprets it as UTC. That is the issue: if I need a log from 17:18:47, I must wait until 18:18:47. Are there any options to solve this? My other logs are in UTC and only these logs are in GMT +1.
Thanks for your quick answer, but I can't figure out how to solve this with the pipeline.
This option occurred to me, but I do not know how to fix it with a pipeline.
Is this a possible way?
Sorry for my questions, but I do not know much about it.
rule "fortigate timestamp"
when
  true
then
  let new_timestamp = parse_date(to_string($message.date) + " " + to_string($message.time), "yyyy-MM-dd hh:mm:ss", "Europe/Prague");
  set_field("timestamp", new_timestamp);
end
Yes, I tried, but the function doesn't work. It looks like the addition of two strings does not work.
Is there a way to tell Graylog that the specified time is already in the Prague/Berlin zone?
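
One way to write the rule discussed above, as an added example that is not from any poster in this thread. It assumes the Fortigate `date` and `time` key=value pairs are already extracted into message fields of those names, as the rule above also assumes.

```graylog
rule "fortigate timestamp (local time to UTC)"
when
  // Only touch messages that carry both Fortigate fields (assumed field names).
  has_field("date") && has_field("time")
then
  // The rule language has no "+" operator for strings; concat() joins two strings.
  let date_part = concat(to_string($message.date), " ");
  let local_ts  = concat(date_part, to_string($message.time));

  // HH is the 24-hour clock (hh is 12-hour and rejects values such as 16:18:47).
  // Named parameters make sure "Europe/Prague" is taken as the timezone.
  // A named zone follows daylight saving time, unlike a fixed +01:00 offset.
  let new_timestamp = parse_date(
    value: local_ts,
    pattern: "yyyy-MM-dd HH:mm:ss",
    timezone: "Europe/Prague"
  );

  // Graylog stores the timestamp in UTC, so searches line up with the other sources.
  set_field("timestamp", new_timestamp);
end
```

The rule only has an effect if the pipeline runs after the step that extracts `date` and `time`, which depends on the order set in the Message Processors Configuration.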