Graylog and Windows log times do not match

Hi everyone. I’m new to the Graylog business and I have this problem with the time of my Windows 2012 logs. I’m using UDP GELF to input these logs from my Windows 2012 running nxlog. Is there a way to fix the differences between the time of the Windows log and the time of the Graylog search log?

Thanks

The Graylog timestamp is UTC; I think your current local timezone is UTC -3.
The 1 second difference between the timestamps seems to be an NTP problem. Your time at the Graylog servers is not the same as on the Windows server.
The Graylog timestamp is the timestamp when your message arrives in Graylog and has nothing to do with the time in the original log.

I guess that this ingest does not set the timestamp according to the event time but to the receive time … so that is where you can use a processing pipeline to normalize your log.

In addition, the timestamps are displayed in the timezone that the user has set in his profile (for the field timestamp). If you hover over the time (with the pointer) you get the UTC timestamp …

Thanks for the reply, gentlemen. The problem was in the profile! Unfortunately, to change the default admin profile I have to change server.conf, so instead I just created another user and set the time right for my region!

Thanks again Jan!
