Hello,
I’m using Graylog 4.2.4 on FreeBSD.
I’m trying to process a syslog input using JSON extractor. Everything works fine, but I have a problem with timezone. The timestamp I receive from the remote device is in “yyyy-MM-dd HH:mm:ss.SSS” format, as expected by Graylog, so there is no timezone information here. It is processed correctly, assuming UTC timezone. Now I want to tell Graylog that the timezone for the event is not UTC but CEST. I tried to add “timezone” field into the JSON, it was processed as string, but there is no effect on the timestamp (it is still in UTC). How should I proceed to force a timezone here?
Peter
Hello && Welcome @Peter2121
Are you referring to Event Definition/Notification? If so there are a couple ways to go about change timestamp. If you could show an example of what your seeing that also would be great.
I’m referring to events input.
I know I can change the timestamp of an event using a pipeline. I just want to know if I can set the timezone directly in my JSON, so it would be defined during the event import using JSON extractor without any additional task.
Unfortunately, a JSON extractor is unable to use a converter. This would have been easy using any other extractor.
For example. using regex extractor…
It might be possible to configure log shipper to convert it for you.
And as you seen already, the only other way I know was here…
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.