We are using Graylog 3.2.4, and in the GUI messages are shown 2 hours later.
1 TCP input is created and messages are coming in from our firewall on port 5514.
The system times show all 3 correctly in the GUI, and the firewall also uses the same time.
What can we do to have real-time messaging? It doesn't have to be the same second, but it would be nice to see it much quicker.
One of the fields in the message shows:
tz
+0200
So it looks like it has time zone information. We are using UTC + 2, so it looks correct. (Amsterdam)
The timestamp in one of the messages itself looks like this:
timestamp
2020-08-28 16:37:01 +02:00
Thanks for your information. It is a nice puzzle to solve anyway. We very much like the Graylog application, so I think this is easy to correct. If it needs a pipeline, can you provide us with an example? Not sure if this is the case.
Thanks… it now works. I have set up the rule and the pipeline. Very nice!!!
I had to wait a little bit… after making the change it did not immediately work. I checked 2 hours later and now the messages are coming in real time with the correct timestamp.