Hi,
I plucked my hair on this.
I configured and pushed WinlogBeat using Sidecar.
The problem is, the time in messages is UTC and I can’t figure out how to make WinlogBeat send logs using the machine local time.
Here is my config
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
output.logstash:
  hosts: ["x.x.x.x"]
path:
  data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
tags:
  - windows
winlogbeat:
  event_logs:
    - name: Application
    - name: System
    - name: Security
processors:
  - add_locale:
      format: offset
Tried all kinds of variations to no avail. This last config is from the documentation and it gives no error in sidecar.log:
Starting (svc driver)"
time="2020-02-26T16:14:50-05:00" level=info msg="[winlogbeat] Configuration change detected, rewriting configuration file."
time="2020-02-26T16:14:51-05:00" level=info msg="[winlogbeat] Stopping"
time="2020-02-26T16:14:51-05:00" level=info msg="[winlogbeat] Starting (svc driver)"
What am I missing?
Need your help! Graylog 3.1 Sidecar 1.0.2