gsmith
(GSmith)
September 18, 2021, 12:16am
8
Oirbsiu:
is this a bug?
Not that I know of. Elasticsearch stores all “time” fields in UTC/Epoch. I would double-check your times/dates on each device to make sure there is not a problem.
TimeStamp 2021-09-17 08:27;05.496
@timestamp 2021-09-17T07:27:04.088Z
Event_Timestamp 2021/09/17/ 08:26:54
You have something crazy going on, not sure what.
Maybe some of these posts will help.
Graylog saves all dates in UTC format, and shows it in GUI in timezone configured for particular user.
For user admin, it uses timezone defined in /etc/graylog/server/server.conf file, parameter root_timezone.
root_timezone = Europe/Bratislava
Change Europe/Bratislava to your real timezone, and restart graylog server.
https://docs.graylog.org/en/3.1/pages/configuration/server.conf.html#general
For other user accounts other than admin, configuration is done in GUI. Every user can change t…
https://community.graylog.org/search?q=Timestamp
Thanks for the answer. The raw logs received into ES were in my local timezone, but what I think was happening was ES assumed they were UTC and added +2 hours when storing them, which meant I could not see any data unless I moved the time scale...
opened 02:46AM - 16 Apr 18 UTC
closed 09:11AM - 16 Apr 18 UTC
### Problem description
When logs are sent to graylog, they are not sorted according to time, but have errors.
### Steps to reproduce the problem
1. look
![graylog_time](https://user-images.githubusercontent.com/6148257/38787874-36c80b44-4163-11e8-91fa-174e90b57f44.png)
Who can help me, thanks very much!!!
### Environment
* Sidecar Version: collector-sidecar-0.1.4-1.x86_64
* Graylog Version: Graylog 2.4.3+2c41897
* Operating System: Centos7
* Elasticsearch Version: elasticsearch-5.6.3
* MongoDB Version:
EDIT: I read over this post trying to figure out an answer for you about the hour difference.
Just realized something. If Elasticsearch stores all “time” fields in UTC/Epoch and UTC · Greenwich Mean Time (GMT). Then your statement was
There is your hour difference. I’m not 100% sure, but a pipeline might be in your future to set these timestamps correctly.
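An added example, not part of the original post and not Graylog code: a Python check that takes the three values quoted above and works out which UTC offset the zone-less fields must carry if they describe the same event as `@timestamp`. The format strings are inferred from the quoted values, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Values as quoted in the post; formats are inferred from those strings.
# The ";" in TimeStamp is kept as posted and treated as a literal separator.
FIELDS = {
    "TimeStamp": ("2021-09-17 08:27;05.496", "%Y-%m-%d %H:%M;%S.%f"),
    "Event_Timestamp": ("2021/09/17/ 08:26:54", "%Y/%m/%d/ %H:%M:%S"),
}
REFERENCE = "2021-09-17T07:27:04.088Z"  # @timestamp, explicitly UTC


def parse_reference(value):
    """Parse the ISO-8601 'Z' timestamp into an aware UTC datetime."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)


def implied_offset(value, fmt, reference_utc, step_minutes=15):
    """Offset the sender's clock must have used for a zone-less value.

    Real UTC offsets are multiples of 15 minutes, so the raw difference is
    rounded to that step; what is left over is transport delay or clock drift.
    """
    naive = datetime.strptime(value, fmt)
    delta = naive - reference_utc.replace(tzinfo=None)
    step = step_minutes * 60
    return timedelta(seconds=round(delta.total_seconds() / step) * step)


def to_utc(value, fmt, offset):
    """Attach the offset to the zone-less value and normalise it to UTC."""
    naive = datetime.strptime(value, fmt)
    return naive.replace(tzinfo=timezone(offset)).astimezone(timezone.utc)


def diagnose(fields=FIELDS, reference=REFERENCE):
    """Return {field: (implied offset, UTC value, residual seconds)}."""
    ref = parse_reference(reference)
    report = {}
    for name, (value, fmt) in fields.items():
        offset = implied_offset(value, fmt, ref)
        utc = to_utc(value, fmt, offset)
        report[name] = (offset, utc, (utc - ref).total_seconds())
    return report


if __name__ == "__main__":
    for name, (offset, utc, residual) in diagnose().items():
        print(f"{name}: offset {offset}, UTC {utc.isoformat()}, residual {residual:+.3f}s")
```

A whole-hour offset with a residual of a few seconds points at a timezone labelling problem rather than clock drift, which is the case a timestamp-parsing pipeline rule with an explicit timezone addresses.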