Time zone problems in search

Greetings!

I can’t figure out what the problem is. Can you please tell me how to make the time corresponding to my time zone +3?

image

Hello,
Did you check your device/s date/time thats sending the log to Graylog?

Hello.
In the full_massage field, I displayed the full text coming from my device. It displays the time correctly.

Graylog saves the dates in UTC, the Timezone that is set per user (in the profile) is then used to Display the Timestamp.

In your server.conf, is that set correctly?

root_timezone = Chicago/America

Thanks for the answer.
Everything is correctly installed here.
image

Hi @7neon7
Something is probably wrong in you setup. I’ve tried your example message ine graylog 4.1.1 and was correctly parsed and also showed.

If I changed timezone for users (either admin or another user) to Europe/Minsk, everything was showed correctly: Timestamp 2021-07-21 16:02:59.000, timestamp: 2021-07-21 16:02:59.000 +03:00

Which graylog version do you use?
Try to create new user and setup correct timezone for it. All timestamps should be showed as +03:00.

If you are using the default admin user, you have to set time zone in the graylog configuration file and restart, if you are using non-admin user, you can change time zone settings in profile page

Thanks for the advice.
Graylog v4.1.2 + 20cd592
Creating a new user didn’t fix the problem.

The time zone Minsk is set in the server.conf file and in the settings on the profile page.

How about your installation, which type of installation did you done? Did you upgrade you graylog installation, or it’s a new clear installation?

@7neon7

If everything is set correctly then I might try on the side where you are generating the messages from. Based on RFC5424 on page 12 your incoming message is missing the TIME-SECFRAC.

The originator SHOULD include TIME-SECFRAC if its clock accuracy and
   performance permit.  The "timeQuality" SD-ID described in Section 7.1
   allows the originator to specify the accuracy and trustworthiness of
   the timestamp.

   A syslog application MUST use the NILVALUE as TIMESTAMP if the syslog
   application is incapable of obtaining system time.

It was an upgrade from 4.0 to 4.1

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.