In the attached screenshot pls have a look in the timestamps. 1 & 3 are ok but 2 is 3hrs back. Where this timestamp refers too and can this be altered to align with the others i.e. the correct time
Thanx
Timestamp question
Re: Timestamp question
Timestamps are definitely a confusing part of using Nagios Log Server, and I hope to clarify some of that here.
When NLS receives a log, it will timestamp it in UTC. Logstash's documentationsays it best:
When you're viewing logs from the Web GUI of Nagios Log Server, the timestamp will be adjusted depending on the timezone of your local machine. That is why the logs appear to have 3 hours added to them - this is compensating for your timezone to make the logs more sensible from your perspective. Does that make sense?
When NLS receives a log, it will timestamp it in UTC. Logstash's documentationsays it best:
The UTC timestamp is displayed in the '@timestamp' field.Logstash will choose a timestamp based on the first time it sees the event (at input time), if the timestamp is not already set in the event. For example, with file input, the timestamp is set to the time of each read.
When you're viewing logs from the Web GUI of Nagios Log Server, the timestamp will be adjusted depending on the timezone of your local machine. That is why the logs appear to have 3 hours added to them - this is compensating for your timezone to make the logs more sensible from your perspective. Does that make sense?
Re: Timestamp question
I attach 3 screenshots.
From the same dashboard I do the same search for string "cvarvares" but from 2 different places (as you can see in screenshot timestamp_search.JPG)
When I search from the search entry next to "+LogSource" I get the UTC @timestamps as seen on screenshot timestamp_value_1.JPG
When I search through the search entry under "?Load Query? I get 2 different @timestamp values as seen on screenshot timestamp_value_2.JPG.
What my users ask is in all the places all date related values to be on the current timezone and therefore time as the local machine which hosts NLS.
Thanx s lot.
From the same dashboard I do the same search for string "cvarvares" but from 2 different places (as you can see in screenshot timestamp_search.JPG)
When I search from the search entry next to "+LogSource" I get the UTC @timestamps as seen on screenshot timestamp_value_1.JPG
When I search through the search entry under "?Load Query? I get 2 different @timestamp values as seen on screenshot timestamp_value_2.JPG.
What my users ask is in all the places all date related values to be on the current timezone and therefore time as the local machine which hosts NLS.
Thanx s lot.
Re: Timestamp question
Interesting find - I have reproduced this on my end, and I believe that it's a bug. I have submitted a bug report internally (Task ID 5849).
Re: Timestamp question
Thanx close the thread