Does Graylog support half-hour timezone offsets? I am adjusting a user, but it appears that the GMT offsets are only whole hours? Also, what would be the best time zone to have configured if I want to see all logs received in the last five minutes, no matter the time zone of the sources? I know this will sound weird, but is there a way to search the next 6 hours for the time relative offsets? For example, I am looking at the last five minutes; it is based on my time zone, and logs that are being received from GMT+ sites are not displaying. Is there a way to choose whether I want the data based on either my timezone or realtime (from any site, no matter the time zone)?
Yes, it does.
See http://www.joda.org/joda-time/timezones.html for a comprehensive list of supported timezones.
Those two things have nothing to do with each other.
Ideally, all sources would send their messages with a UTC timestamp (see http://yellerapp.com/posts/2015-01-12-the-worst-server-setup-you-can-make.html and https://blog.serverdensity.com/set-your-server-timezone-to-utc/ for a rationale), but you should be able to see all logs, no matter what timezone you’ve configured.
No, but you can use the absolute time range or the keyword time range (“from 1 hour ago to in 3 hours”) for this.
This sounds like a misconfiguration or misinterpretation of the timestamps in your messages.
You should use the message processing pipelines or extractors to correct the timestamps:
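An added example, not part of the original reply and not Graylog code, of the misinterpretation described above: a sender logs local time without an offset, the receiver takes it as UTC, and the message lands in the future where a "last 5 minutes" search misses it. The UTC+05:30 source, the timestamp format, the 6-hour forward range and all function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Assumption: the sending site runs at UTC+05:30 and logs local time with no offset.
SOURCE_TZ = timezone(timedelta(hours=5, minutes=30))
FMT = "%Y-%m-%d %H:%M:%S"


def parse_assuming_utc(raw: str) -> datetime:
    """The misinterpretation: an offset-less timestamp is taken to be UTC."""
    return datetime.strptime(raw, FMT).replace(tzinfo=UTC)


def parse_with_source_tz(raw: str, tz: timezone = SOURCE_TZ) -> datetime:
    """The correction: attach the sender's real offset, then normalise to UTC."""
    return datetime.strptime(raw, FMT).replace(tzinfo=tz).astimezone(UTC)


def in_range(ts: datetime, start: datetime, end: datetime) -> bool:
    """Inclusive time-range check, as a search window would apply it."""
    return start <= ts <= end


def demo() -> dict:
    now = datetime(2024, 3, 1, 12, 0, 0, tzinfo=UTC)  # constructed "current time"
    # Constructed event: written 2 minutes ago on the UTC+05:30 host, in local time.
    raw = (now - timedelta(minutes=2)).astimezone(SOURCE_TZ).strftime(FMT)
    wrong = parse_assuming_utc(raw)
    fixed = parse_with_source_tz(raw)
    last_5_min = (now - timedelta(minutes=5), now)
    # Wide window in the spirit of a keyword range reaching into the future.
    wide = (now - timedelta(hours=1), now + timedelta(hours=6))
    return {
        "raw": raw,
        "skew": wrong - now,  # how far into the future the message appears
        "wrong_in_last_5_min": in_range(wrong, *last_5_min),
        "wrong_in_wide_range": in_range(wrong, *wide),
        "fixed_in_last_5_min": in_range(fixed, *last_5_min),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The user's display timezone plays no part in any of these comparisons; only the offset assumed when the raw timestamp is parsed does.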