Reverted time in logs

1. Describe your incident:
Winlogbeat sends events from the domain controller to Graylog.
I created an alert which sends an email if users use a wrong password.
In the original event on the DC I see the right time. In Graylog I see the right timestamp:

timestamp 2023-03-28 07:33:04.026

But when I get the email notification I see:

timestamp 2023-03-28T05:33:04.026Z

I attached the backlog to the email and there is also a wrong hour:

winlogbeat_@timestamp=2023-03-28T05:40:35.623Z, 

Why is the time shifted by two hours?

2. Describe your environment:

  • OS Information:
    Ubuntu 22.04 LTS
  • Package Version:
    Graylog 5.0
    Opensearch

3. What steps have you already taken to try and solve the problem?
My time configuration from Graylog → Overview:

Time configuration
Dealing with timezones can be confusing. Here you can see the timezone applied to different components of your system. You can check timezone settings of specific graylog-server nodes on their respective detail page.

User xxxxxxx:
2023-03-28 07:44:34 +02:00
Your web browser:
2023-03-28 07:44:34 +02:00
Graylog server:
2023-03-28 07:44:34 +02:00

4. How can the community help?
How can I fix this?

By default, notifications use UTC.
You can select the timezone in the definition of the notification.

I changed UTC to Poland but I still see the wrong time, 08:08:55.218Z instead of 10:08:55.218Z.

Two quick questions: first, is the notification using an aggregation (>=5 etc.)? Second, what is the exact Graylog version (5.0.5 etc.)?

Filter & Aggregation
  • Type: Filter
  • Search Query: winlogbeat_event_code:"4771"
  • Streams: Default Stream
  • Search within: 2 minutes
  • Execute search every: 2 minutes
  • Enable scheduling: no

Graylog 5.0.5

OK, I solved the problem.
I used the field defined as ${event.fields.Date}, so I changed it to ${event.timestamp} and it works well.
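
As an added example (not part of the original thread and not Graylog code): the two renderings quoted in the question are the same instant, once in UTC and once in the user's zone. The sketch below normalizes both forms before comparing them, which is the check to run before treating an alert email and a UI timestamp as different events. It assumes the +02:00 profile shown above maps to the IANA zone Europe/Warsaw and that a tz database is available to Python's zoneinfo; the 2023-01-15 value is constructed to show the winter offset.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# Assumption: the user's +02:00 profile (Poland) is the IANA zone Europe/Warsaw.
DISPLAY_TZ = ZoneInfo("Europe/Warsaw")


def to_utc(ts: str, display_tz: ZoneInfo = DISPLAY_TZ) -> datetime:
    """Parse a UI-style (naive, local) or notification-style (ISO 8601 with
    Z or an explicit offset) timestamp and return it as an aware UTC value."""
    ts = ts.strip().rstrip(",")          # backlog values end with ", "
    if ts.endswith("Z"):
        ts = ts[:-1] + "+00:00"          # fromisoformat() before 3.11 rejects "Z"
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        # No offset in the string: treat it as wall-clock time in the display zone.
        dt = dt.replace(tzinfo=display_tz)
    return dt.astimezone(timezone.utc)


def same_instant(a: str, b: str) -> bool:
    """True when both strings denote the same point in time."""
    return to_utc(a) == to_utc(b)


def local_offset_hours(ts: str) -> float:
    """Hours the display zone is ahead of UTC at that instant (DST-aware)."""
    local = to_utc(ts).astimezone(DISPLAY_TZ)
    return local.utcoffset().total_seconds() / 3600


def render_local(ts: str) -> str:
    """Render any accepted timestamp in the display zone with its offset."""
    local = to_utc(ts).astimezone(DISPLAY_TZ)
    return local.isoformat(sep=" ", timespec="milliseconds")


if __name__ == "__main__":
    ui_ts = "2023-03-28 07:33:04.026"        # as shown in the search view
    mail_ts = "2023-03-28T05:33:04.026Z"     # as shown in the email
    winter_ts = "2023-01-15T05:33:04.026Z"   # constructed, outside DST
    print(same_instant(ui_ts, mail_ts))
    print(local_offset_hours(mail_ts), local_offset_hours(winter_ts))
    print(render_local("2023-03-28T05:40:35.623Z, "))
```
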
