Page 3 of 3
Re: grok parsefalure
Posted: Fri Mar 20, 2015 9:57 am
by WillemDH
Hey Jesse,
The remove_tag command did work.
I guess this is ok for me. Could you just have a look at my question earlier in this thread concerning the timestamp being one hour off?
Grtz
Re: grok parsefalure
Posted: Fri Mar 20, 2015 10:07 am
by jolson
Please run the following, using your appropriate timezone after the '-z' argument:
Code: Select all
/usr/local/nagioslogserver/scripts/change_timezone.sh -z America/Example
This will set an appropriate time for the logstash Daemon - let me know if this helps to fix your issue. Thanks Willem!
Re: grok parsefalure
Posted: Thu Mar 26, 2015 6:49 am
by WillemDH
Jesse,
Done. I'll see if it helps and let you know.
Grtz
Re: grok parsefalure
Posted: Thu Mar 26, 2015 9:14 am
by jolson
Sounds great, thanks Willem.
Re: grok parsefalure
Posted: Sat Mar 28, 2015 9:21 am
by WillemDH
Jesse,
Seem I still have some one hour off timestamps.. Check screenshot:
The strange thing it that it's only wrong in the expanded detail @timestamp
A bug?
Grtz
Willem
Re: grok parsefalure
Posted: Mon Mar 30, 2015 9:03 am
by scottwilkerson
The expanded @timestamp is showing the time ending in Z which is GMT and +1 hour from your actual timezone.
Re: grok parsefalure
Posted: Mon Mar 30, 2015 2:47 pm
by WillemDH
Ah Sry I didn't knew that. So whenever I see a timestamp with trailing Z, this is always in GMT + 1?
Grtz
Willem
Re: grok parsefalure
Posted: Mon Mar 30, 2015 4:07 pm
by jolson
'Z' stands for Zulu time, which is also GMT and UTC. This means that if you see a trailing 'Z', the time will always match GMT.
Re: grok parsefalure
Posted: Mon Mar 30, 2015 4:26 pm
by WillemDH
ok, thanks for the info. This thread can be closed.
Re: grok parsefalure
Posted: Mon Mar 30, 2015 4:28 pm
by jolson
Great - thanks Willem!