HI, I have a server on which the time zone is +3 (Moscow) from UTC. There are logs that come from different time zones +5.6 and others. These logs appear with a delay in time, that is, if the log arrived at 14:00 (the logs contain the date, time and time zone), until the time on the server equals the log time it will not be displayed. I cannot change the server time on UTC. How can I solve this problem,without changing in the nginx config and time on the server so that the logs are displayed in real time and not with a delay?
you see in your picture the bold timestamp? That is the one where Graylog is working with.
If the timestamp is not the one you need - because that is somewhere in the message - you need to work with extractrors or processing pipelines to extract your wanted timestamp and save that in the timestamp field.
/jd
what? rephrase the question please.
logs come. But for some reason in the future
the pink frame (time selector) will use the pink highlighted field timestamp for search.
Not some date that is located in the field message (your highlighted red field)
Youâve asked this same question multiple times now, in all threads youâve asked this, people have given you the solution. Yet you keep asking the question. May I suggest you read the answers again, then read the documentation?
As @jan said - the timestamp Graylog works with is stored in the âtimestampâ field. By default, this is set to the time that Graylog received the message. This means that if you want âcorrectâ timestamps, you will have to parse the log message, extract the timestamp from that, and put it in the timestamp field, so it gets stored correctly.
This is not rocket science, this has been explained to you on at least 3 occasions now. There is no way to make this any simpler.
Sorry if I sound like an asshole, but ask stupid question, get stupid answer.
1 Like
I read the documentation and did not find the answer to my question. In previous reports, I was not given a concrete answer. If you can, give give an example for me.
Jan HAS given you a very concrete example. With pink highlights and everything.
Itâs not really true. If graylog can phrase the date from the message, GL use it instead the arrival time.
You can send logs to the past or to the future. 
@Uporaba
If you use syslog input, GL will phrase as syslogâs RFC,
The time format in RFC
And some exapmles
Please compare your red marked date format.
As @jan mentioned
1 Like
Okay, true, if itâs in the timestamp field in the message - but in this case itâs obviously not 
You have been given examples and concrete answers, including in detail the steps to follow. What you do need to do is implement it, yourself. If you want us to do the work for you, I can tell you that I personally come at $100/hr for consulting services.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.