Nagios Support Forum

Edited an existing query to change the EventID being searched on. When I refreshed the query, the @timestamp that used to dispay date:time-400 now just shows date:timeZ(zulu)

Does it just take NLS to change the query timestamp or is this a bug like I read in another thread?

I have a test system running out latest development revision, and it is not experiencing this behavior.

I am having trouble reproducing this problem on a test box at version 2015R1.4. Can you give me some detailed instructions please?

It's likely that this bug will be fixed in our next revision, which is due to be released shortly.

Honestly that is the best way I can describe it.

I had a saved query that searched a group of hosts for a particular eventid. Everything in the even list showed normally including timestamp with the proper -400. I went in and edited the EventID to search for and saved the query. Now when I run the query the @timestamp now longer shows -400 at the end, but Z and the time is 4 hours ahead.

Like when editing the query it starting to ignore UTC.

Maybe it just takes logstash or elastic search some time to update all the timestamps in the query.

We will see.

Also out of curiosity.. where does NLS keep the user created queries in the filesystem? I would like to see one in the raw if that makes sense.

Also out of curiosity.. where does NLS keep the user created queries in the filesystem?

You can see the queries you have stored with the following command: curl -XGET 'http://localhost:9200/nagioslogserver/_ ... ery&pretty'

I still cannot reproduce your problem. I would say that you should wait for our release in the next week or so - it may resolve your issue. The reason I think that is because I finished testing a bugfix similar to your issue. That bugfix will be included in the release I mentioned above.

Thank you very much. I will wait for the update.

You can close this ticket.