Hello everyone,
our Graylog server runs in a Docker container set to the CEST timezone, the GRAYLOG_ROOT_TIMEZONE is set to CEST as well and in the Overview tab all three times are exactly the same:
User admin:
2020-09-24 15:37:00 +02:00
Your web browser:
2020-09-24 15:37:00 +02:00
Graylog server:
2020-09-24 15:37:00 +02:00
I have configured an Extractor that extracts the filebeat_timestamp field and converts it to the timestamp field. In the date converter I set the timezone to Europe/Berlin as there was no CEST available.
Now when I look at the log messages for the last five minutes, for example, I can see exactly the right messages as per their filebeat_timestamp. Only the built-in Graylog timestamp that should be overwritten is shown in UTC and therefore is two hours behind the actual time. You can see in the screenshot that in the time graph the timestamps seem to be correct, only in the table it doesn't work.
As far as I understand, Graylog always saves timestamps in UTC and then shows these parsed according to the timezone setting of the user. I tried multiple users with differing time zone settings, but the timestamp in the table always stays at UTC while the time graph above has the correct timestamps.
Is there any way to fix this or did I overlook something?