A user reported timestamps being reported in a mix timestamps being express in terms of UTC and CEST. I can’t get the quoting right to find +01:00 or +02:00 using the search bar.
Not much to go on with your question/statement… I don’t know what your query is, what you have tried, what example messages look like on your system…check out this post on asking community questions and perhaps add in some information that will help us help you?
The messages contain “+01:00” or possibly “+02:00”. I’m looking for those strings quite literally. A sample message is say:
1.234.56.78 - - [24/Nov/2021:16:36:06 +01:00] “GET / HTTP/1.1” 302 138 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
I’m interested in searching all fields and I’m also interested in just searching the messages.
You can try a regex search:
The general query format is:
field_name:/regular expression/
Example:
srcIP:/127\..+\..+\..+/
or in your case, perhaps just
/\+0[1-9]\:00/
It would be better if it were broken out into it’s own field… 
1 Like
Thanks. That’s returning no results, so I think I’ll have to contact support.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.