grok parsefalure

Post by **WillemDH** » Fri Mar 20, 2015 9:57 am

Hey Jesse,

The remove_tag command did work.

I guess this is ok for me. Could you just have a look at my question earlier in this thread concerning the timestamp being one hour off?

Grtz

jolson · Post by **jolson** » Fri Mar 20, 2015 10:07 am

Please run the following, using your appropriate timezone after the '-z' argument:

Code: Select all

/usr/local/nagioslogserver/scripts/change_timezone.sh -z America/Example

This will set an appropriate time for the logstash Daemon - let me know if this helps to fix your issue. Thanks Willem!

Post by **WillemDH** » Thu Mar 26, 2015 6:49 am

Jesse,

Done. I'll see if it helps and let you know.

Grtz

jolson · Post by **jolson** » Thu Mar 26, 2015 9:14 am

Sounds great, thanks Willem.

Post by **WillemDH** » Sat Mar 28, 2015 9:21 am

Jesse,

Seem I still have some one hour off timestamps.. Check screenshot:

The strange thing it that it's only wrong in the expanded detail @timestamp

A bug?

Grtz

Willem

scottwilkerson · Post by **scottwilkerson** » Mon Mar 30, 2015 9:03 am

The expanded @timestamp is showing the time ending in Z which is GMT and +1 hour from your actual timezone.

Post by **WillemDH** » Mon Mar 30, 2015 2:47 pm

Ah Sry I didn't knew that. So whenever I see a timestamp with trailing Z, this is always in GMT + 1?

Grtz

Willem

jolson · Post by **jolson** » Mon Mar 30, 2015 4:07 pm

'Z' stands for Zulu time, which is also GMT and UTC. This means that if you see a trailing 'Z', the time will always match GMT.

Post by **WillemDH** » Mon Mar 30, 2015 4:26 pm

ok, thanks for the info. This thread can be closed.

jolson · Post by **jolson** » Mon Mar 30, 2015 4:28 pm

Great - thanks Willem!

Nagios Support Forum

grok parsefalure

Re: grok parsefalure

Re: grok parsefalure

Re: grok parsefalure

Re: grok parsefalure

Re: grok parsefalure

Re: grok parsefalure

Re: grok parsefalure

Re: grok parsefalure

Re: grok parsefalure

Re: grok parsefalure