Hi. The log indicates the time zone is +5, and the server time is +3, there are also logs with a time zone of +7. How can I bring the logs to one time, so that they would arrive without delay. Because now graylog waits until the server becomes the time when the log went.
Well, there are a few ways to solve this.
- Ensure all your servers timezones are set to UTC (even if they don’t live in UTC), then all your timestamps arrive in UTC.
- Alternatively hook up a pipeline or two, parse the log dates (flex_date_parse is great), and ensure you convert to UTC, then replace the original timestamp field with the new timestamp in UTC.
- There is no 3.
Also make sure that in your user profile you have set your timezone properly because it does take that into account.
1 Like
Hm, i cant change time zone on server. Can u please give me some screenshots with explanations of how and what to do as? I did not understand you.
Unfortunately I can’t do screenshots of our production environment without editing most of it out, and also unfortunately I don’t have the time to install a blank Graylog instance just for screenshots.
Look at the documentation about Pipelines - they allow you to process incoming messages before they are stored, so the process there is to parse your log entries to extract the timestamp the log “happened” on the server, then replace the event timestamp field with it.
That’s about all I can tell you right now…
1 Like
How i can do it without change timezone on server?
I just told you. I don’t want to sound mean but read the documentation on Pipelines. Understanding will follow from there.
1 Like
ok, thanks you for this.
Can i change log for set time zone and time which i need?
You need to make sure that your logfiles contain a timezone - that Graylog is able to transform that timestamp to UTC (because all timestamps are saved in UTC) or you need to rewrite the timestamp with a processing pipeline.
How you can rewrite is described in a number of postings in this community - just use the search for that.
If we did not get your question and it is something totally different - please rephrase your question.
I have exactly the same problem. But is problem dont solved
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.