Hello everyone,
I have a very strange behavior of graylog, i’m located in Paris
Current default time zone: ‘Europe/Paris’
Local time is now: Tue Apr 9 15:29:15 CEST 2019.
Universal Time is now: Tue Apr 9 13:29:15 UTC 2019.
the logs create now appear in Graylog 2h after…
How can i fix that ?
If i understand well the messages are considered like being in UTC time ?
but how can i change that from graylog ?
Thanks in advance
What is the time zone on the sending device?
does the logfile contain a timestamp information?
If not Graylog assume that the ingested time is UTC … .
Yeah the log file doesnt not contains timestamp info 
date=2019-04-09 time=14:32:11 devname=4f-net-B devid=7008965 logid=0000000013 type=traffic subtype=forward level=notice vd=interne srcip=192.168.10.26 srcport=51460 srcintf=“interco-fw-int” dstip=10.4.33.25 dstport=8443 dstintf=“interco-infra” poluuid=a-c7cc24e7ecd1 sessionid=481086 proto=6 action=close policyid=278 policytype=policy dstcountry=“Reserved” srccountry=“Reserved” trandisp=noop service=“SVC-TCP-8443” duration=10 sentbyte=525 rcvdbyte=132 sentpkt=6 rcvdpkt=3 appcat=“unscanned” devtype=“Fortinet Device” mastersrcmac=00:09:0f:09:27:04 srcmac=00:09:0f:09:27:04
Is it possible simply with the extractors to add 2h on the UTC timestamp create by graylog ?
with the processing pipelines you can do that. Like mentioned here:
Other postings in the community will guide you!
I’m searching since a while and i just found out this post that resolved my issue 
Thanks a lot !!!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
