Timestamp issue/question

I have the same issue as described in this post:

In System/Overview, all 3 times are the same and correct.
My concern is that when I do a search for anything new (in the last 5 minutes), nothing shows up because of this time discrepancy. I have to change it to “in the last 8 hours” in order to see any data.

I do not understand the above linked post’s comments, so I don’t know if a fix was mentioned (timestamp conversion) or not.

I am not sure if I have the same issue:

Graylog 3.0.2+1686930, codename Space Moose
Host OS: Ubuntu 18.04.3 LTS
Host: 2020-02-15 11:52:05 +08:00

Time configuration

User ******: 2020-02-15 11:52:05 +08:00
Your web browser: 2020-02-15 11:52:05 +08:00
Graylog server: 2020-02-15 11:52:29 +08:00

root_timezone = UTC

The syslog with a UTC timestamp got transformed to UTC-8 as raw data. It’s doing well if your syslog timestamp is in UTC+8, which is not the standard we wish for.

How do I stop the transformation for particular syslog if there’s still other raw data that needs to be transformed?

Update: the timestamp is minus 8 hours behind and only the full_message shows the correct one.

The question is:

  • Does that timestamp include a timezone?

If the timestamp did not include timezone information, Graylog works with that timestamp as if it were UTC.
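
The rule stated in the reply above, as an added example that is not part of the thread and is not Graylog's code: it reads the timestamp from a raw syslog line, treats a timestamp without zone information as UTC, and reports how far the stored time lands from the real event time. The sample lines, the +08:00 sender offset and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 5424 style header: "<PRI>VERSION ISO-8601-TIMESTAMP ..."
RFC5424 = re.compile(r"^<\d+>\d+ (\S+) ")
# RFC 3164 style header: "<PRI>Mmm dd hh:mm:ss ..." (no year, no timezone)
RFC3164 = re.compile(r"^<\d+>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) ")

def parse_syslog_time(line, year):
    """Return (time_as_utc, had_timezone) for one raw syslog line.

    Assumption taken from the reply: a timestamp without timezone
    information is treated as if it were already UTC.
    """
    m = RFC5424.match(line)
    if m:
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    else:
        m = RFC3164.match(line)
        if not m:
            raise ValueError("no recognisable syslog timestamp")
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    if ts.tzinfo is None:
        return ts.replace(tzinfo=timezone.utc), False
    return ts.astimezone(timezone.utc), True

def skew(line, year, sender_tz):
    """Stored time minus true event time, if the sender's clock runs in sender_tz."""
    stored, had_tz = parse_syslog_time(line, year)
    if had_tz:
        return timedelta(0)
    # Reinterpret the same wall-clock reading in the sender's real zone.
    true_utc = stored.replace(tzinfo=sender_tz).astimezone(timezone.utc)
    return stored - true_utc

# Constructed sample lines: the same event sent three ways from a UTC+8 host.
SENDER_TZ = timezone(timedelta(hours=8))
SAMPLES = [
    "<34>Feb 15 11:52:05 host1 app: login ok",                   # no zone
    "<34>1 2020-02-15T11:52:05+08:00 host1 app - - - login ok",  # offset
    "<34>1 2020-02-15T03:52:05Z host1 app - - - login ok",       # UTC
]

if __name__ == "__main__":
    for raw in SAMPLES:
        stored, had_tz = parse_syslog_time(raw, 2020)
        print(stored.isoformat(), "tz in message:", had_tz,
              "skew:", skew(raw, 2020, SENDER_TZ))
```

Only the first sample, which carries no zone, ends up 8 hours away from the real event time; the two lines with an explicit offset or `Z` resolve to the same UTC instant.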
