graylog-labs / graylog-contentpack-nginx

A nginx content pack for Graylog
Apache License 2.0

Timestamp issue with nginx error log only #10

Closed nshah14285 closed 6 years ago

nshah14285 commented 6 years ago

Any idea why the timestamp is showing differently in the nginx_error log? The timezone set on the Graylog server and the source server is 'Europe/Berlin'. As per the attached screenshot, Graylog shows nginx_error logs 1 hour late inside stream messages.

The rest of the nginx log times are coming through properly, except the nginx error log time.

Please find the attached file (screenshot).

Thanks, Nishit Shah

joschi commented 6 years ago

@nshah14285 I think everything is fine. The timestamp in the nginx log message is supposed to be UTC.

Graylog (or rather this content pack) extracted the correct timestamp (2017-12-01T08:01:04.000Z) and displays it in your custom timezone (Europe/Berlin is currently GMT+1).

If you think that's incorrect, you could write a pipeline rule to set the "timestamp" field to another timezone.

nshah14285 commented 6 years ago

The timestamp stored in the nginx_error_log file is 'Europe/Berlin' and not 'UTC' on the source server.

There are logs captured in the nginx_error log file on the source server after 2017/12/01 09:01:04, but in Graylog they get delayed by 1 hour due to some timestamp issue. So the error message of 2017/12/01 10:01:04 will be displayed when the Graylog timestamp is 2017-12-01 11:01:04.

So I don't know where exactly the issue is.

Any idea?

joschi commented 6 years ago

As I wrote before, when the timezone information is missing, Graylog expects the timestamps to be in UTC.

We are using GitHub issues for tracking bugs in Graylog itself, but this doesn't look like one. Please post this issue to our discussion forum or join the #graylog channel on freenode IRC.

Thank you!

nshah14285 commented 6 years ago

OK, from next time onwards, I will post the issue in the discussion forum. I was not aware of that.

Thank You.
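
The one-hour shift discussed in this thread, reproduced as an added example that is not part of the original issue or of the content pack: a zone-less nginx error_log timestamp is read once as UTC and once as the source server's local time, then both are rendered in the display timezone. The sample lines and all function names are constructed for illustration, and the July line goes beyond the thread to show the skew growing to two hours under daylight saving time.

```python
import re
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# nginx error_log lines begin "YYYY/MM/DD HH:MM:SS [level]" with no UTC offset.
ERROR_TS = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(\w+)\]")

# Constructed sample lines (not taken from the issue's screenshot).
WINTER_LINE = "2017/12/01 10:01:04 [error] 1234#0: *1 constructed sample message"
SUMMER_LINE = "2017/07/01 10:01:04 [error] 1234#0: *2 constructed sample message"


def parse_error_ts(line):
    """Return the zone-less timestamp at the start of an nginx error_log line."""
    m = ERROR_TS.match(line)
    if m is None:
        raise ValueError("not an nginx error_log line: %r" % line)
    return datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")


def assumed_utc(naive):
    """Interpretation described in the thread: no zone given, so treat as UTC."""
    return naive.replace(tzinfo=timezone.utc)


def from_source_zone(naive, source_tz):
    """Attach the zone the source server logs in, then normalise to UTC."""
    return naive.replace(tzinfo=ZoneInfo(source_tz)).astimezone(timezone.utc)


def display_skew(line, source_tz, display_tz):
    """Return (shown_if_assumed_utc, shown_if_zone_applied, skew) in display_tz."""
    naive = parse_error_ts(line)
    view = ZoneInfo(display_tz)
    as_utc = assumed_utc(naive)
    as_local = from_source_zone(naive, source_tz)
    # Subtract the UTC instants so the skew is exact even across DST changes.
    return as_utc.astimezone(view), as_local.astimezone(view), as_utc - as_local


if __name__ == "__main__":
    for sample in (WINTER_LINE, SUMMER_LINE):
        shown, expected, skew = display_skew(sample, "Europe/Berlin", "Europe/Berlin")
        print(f"{sample[:19]}  shown={shown:%Y-%m-%d %H:%M:%S}  "
              f"expected={expected:%Y-%m-%d %H:%M:%S}  skew={skew}")
```

When correlating these events with other sources during an investigation, compare the normalised UTC instants rather than the displayed strings.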