Logs received too late but with the right timestamp

gsmith · November 5, 2021, 11:54pm

Hello

To sum it up.

You have no extractors running that is manipulating the data from the input?
All buffers are 0 so there is no delay in processing data?
Checked your remote devices and they have the correct TimeZone and the Date/Time is also correct?
Graylog server Date/Time is correct which matches the remote device, correct?
The user logged on have the same Time/Zone and the date/Time is correct?
Did you double check your NTP service and configuration?
Did you see anything that may pertain to this issue in the log files?

Example:

What I noticed was this.

and this

So you have Linux and Windows going to the same INPUT/ports?
Have you tried to separate them?

Example Linux Servers.

Example Windows Servers

It might not help, but its worth a try. If anything, maybe we can narrow it down.

If you tried and checked our suggestions perhaps something in this post may help.

Topic		Replies	Views
Graylog and windows log times does not match Graylog Central (peer support)	4	1365	November 18, 2019
Timezone issues. Logs are shown 1 hour behind Graylog Central (peer support)	8	3516	September 17, 2020
Timestamp issue on graylog Graylog Central (peer support) pipeline-rules	6	1862	December 18, 2020
Timezone graylog for a lot of timezone Graylog Central (peer support)	11	3142	December 20, 2018
Logs delayed on time Graylog Central (peer support)	7	2791	April 23, 2019