Nagios Support Forum

In the attached screenshot pls have a look in the timestamps. 1 & 3 are ok but 2 is 3hrs back. Where this timestamp refers too and can this be altered to align with the others i.e. the correct time

Thanx

Timestamps are definitely a confusing part of using Nagios Log Server, and I hope to clarify some of that here.

When NLS receives a log, it will timestamp it in UTC. Logstash's documentationsays it best:

Logstash will choose a timestamp based on the first time it sees the event (at input time), if the timestamp is not already set in the event. For example, with file input, the timestamp is set to the time of each read.

The UTC timestamp is displayed in the '@timestamp' field.

When you're viewing logs from the Web GUI of Nagios Log Server, the timestamp will be adjusted depending on the timezone of your local machine. That is why the logs appear to have 3 hours added to them - this is compensating for your timezone to make the logs more sensible from your perspective. Does that make sense?

I attach 3 screenshots.
From the same dashboard I do the same search for string "cvarvares" but from 2 different places (as you can see in screenshot timestamp_search.JPG)
When I search from the search entry next to "+LogSource" I get the UTC @timestamps as seen on screenshot timestamp_value_1.JPG
When I search through the search entry under "?Load Query? I get 2 different @timestamp values as seen on screenshot timestamp_value_2.JPG.

What my users ask is in all the places all date related values to be on the current timezone and therefore time as the local machine which hosts NLS.

Thanx s lot.

Interesting find - I have reproduced this on my end, and I believe that it's a bug. I have submitted a bug report internally (Task ID 5849).

Thanx close the thread