Graylog Labs - Time Zones: A logger's worst nightmare

Hey Y’all!

While I’m no stranger to Graylog, this is my first Graylog Labs post and wanted to take the opportunity to formally introduce myself!

My name is Drew Miranda and I’m a Solution Engineer (SE) here at Graylog. I joined Graylog in May 2022 (ok it was the LAST day of may so maybe i should say I joined in June ). While i’m still new to Graylog as an employee, I’ve been using Graylog since 0.2, which was released in 2013.

Today I’m sharing my first ever published Graylog Labs blog post:
Time Zones: A logger’s worst nightmare

This post covers everything i’ve learned about how timezones relate to Graylog and how to ensure your syslog messages are ingested with correct timestamps. I learned a lot over the course of researching, testing, and documenting this topic and am very happy to be able to share this information.

Hey @drewmiranda-gl

You hit the spot with time zones. awesome post.

Timezones are a frequent pain point for new comers, so good job on choosing the topic and thanks for sharing.

Suggestion : it would be great to add a sample Pipeline/Rule that corrects the timestamp, which would be relevant in those cases where correcting the timestamp on the source of the log is not possible.

Love you!

(Just kinda kidding) but indeed it has been a nightamare when ingesting syslog logs because, well, the usual chaos.

I would like to suggest: what about a simple additional parameter for input definition so that you can choose which time zone you want to assign to incoming logs through it?

I agree! I’ve opened a feature request via github here: Syslog input timezone behavior not documented, requires that graylog server and log source both use same timezone · Issue #14112 · Graylog2/graylog2-server · GitHub