Nagios Support Forum

Hi All
We are using 2 Nagios Log Server Instances Version 1.4.0 (VM appliance)
I have a confusion with the @timestamp field.
But beforehand some information.
The NLG VM have their date set as follow: Wed Aug 3 10:49:38 CEST 2016
The configuration under Administrator->Global Settings->Cluster Timezone is set to (UTC+01:00) Bern
The monitored Server sending the logs has it's date set as follow: Wed Aug 3 08:51:15 UTC 2016
That said my problem is the following.
The monitored Server is sending at ex. 10:52 (local Swiss Time) the Log record.
Nagios Log Server displays on the field @timestamp 2016-08-03T08:52:09.000+02:00.
When I open the event, the field @timestamp changes to 2016-08-03T06:52:09.000Z
Why that?
Can someone bring some light in this problem.
Thank you in advance for your help.

Elasticsearch stores time using UTC. When you drill down, you're looking at the raw Elasticsearch entry which is why the timestamp changes to UTC (instead of your local offset of +01:00). This is expected behavior.

First box shows my local time, drilling down shows UTC:
Does that answer your question?

Not quite.
The attached event was received at 08:23 am local time.
As you can see the field @timestamp is 06:23...+02:00 and the value in it 04:23...Z.
Should the field @timestamp not be populated with 08:23...+02:00 and the value in it 06:23...Z?
Thank you.

What's the output of a date command on the server? Does it match up with what the logs are showing in the interface?

Date on Nagios Log Server : Fri Aug 5 09:32:54 CEST 2016
Date on the Log sending Server: Fri Aug 5 07:33:38 UTC 2016
Cluster Timezone configuration on Nagios Log Server: (UTC+01:00) Bern

NLS adjusts the @timestamp field based on your system / browser settings as @mcapra mentioned with your offset, and then when you 'dig' down, it will show the UTC time. You might not be using the correct offset or a manually set time.

I just tested on two machines, one which is in Europe and the other here in US. Both are reporting the time as expected. Hopefully this helps -
How is your time set on your PC? The only weird issue I could think of, is if you had a load balancer in front of the NLS cluster that was passing a different time. Are you running a load balancer in front of your cluster?