how do I change the syslog timestamps?
Posted: Mon Jun 01, 2020 10:02 am
by benhank
I've noticed that NLS will show a timestamp of:
2020-06-01T14:58:20.538Z
But the time stamp of the actual syslog message will be different:
<30>Jun 1 10:58:20
How do I make the timestamp that was generated when the logfile was created the timestamp that is used by NLS?
Re: how do I change the syslog timestamps?
Posted: Mon Jun 01, 2020 10:47 am
by scottwilkerson
The Z at the end of the timestamp indicates it is showing UTC time, which all logs are saved as.
If you are looking at a dashboard table view, you can click the gear icon (configure) at the top right of the table, then click the Panel tab
Check the "local time" checkbox
Save
This will display the time in your local time instead of UTC
You can then save the dashboard to have it always display this way
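The relationship between the two timestamps in the question, as an added example that is not part of the original thread: it parses the RFC 3164 header, attaches the sender's offset, and compares the result with the stored UTC value. The function names are hypothetical, and the UTC-4 sender offset and the year 2020 are assumptions taken from the 4-hour gap and the post dates, since the syslog header carries neither.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 3164 header: "<PRI>Mmm dd hh:mm:ss". It carries no year and no UTC
# offset, so both must be supplied by whoever parses it.
HEADER = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2})")
MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def parse_rfc3164(line, year, sender_utc_offset_hours):
    """Return facility, severity and the UTC instant of a syslog header."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 3164 header: %r" % line)
    pri = int(m.group(1))
    if pri > 191:  # facility 23, severity 7 is the highest valid PRI
        raise ValueError("PRI out of range: %d" % pri)
    if m.group(2) not in MONTHS:
        raise ValueError("unknown month: %s" % m.group(2))
    day, hour, minute, second = (int(g) for g in m.group(3, 4, 5, 6))
    sender_tz = timezone(timedelta(hours=sender_utc_offset_hours))
    local = datetime(year, MONTHS[m.group(2)], day, hour, minute, second,
                     tzinfo=sender_tz)
    return {"facility": pri >> 3, "severity": pri & 7,
            "utc": local.astimezone(timezone.utc)}


def iso_z(dt):
    """Format an aware datetime as ISO 8601 in UTC with a trailing Z."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def matches_stored(line, stored_iso, year, sender_utc_offset_hours):
    """True if the header and the stored UTC value name the same second."""
    stored = datetime.strptime(stored_iso, "%Y-%m-%dT%H:%M:%S.%fZ")
    stored = stored.replace(tzinfo=timezone.utc, microsecond=0)
    parsed = parse_rfc3164(line, year, sender_utc_offset_hours)["utc"]
    return parsed == stored


if __name__ == "__main__":
    msg = "<30>Jun 1 10:58:20"            # header quoted in the thread
    stored = "2020-06-01T14:58:20.538Z"   # timestamp quoted in the thread
    print(iso_z(parse_rfc3164(msg, 2020, -4)["utc"]))
    print(matches_stored(msg, stored, 2020, -4))
```

When correlating events across sources, compare the UTC values; a sender whose offset is assumed wrongly will appear shifted by whole hours.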
Re: how do I change the syslog timestamps?
Posted: Mon Jun 01, 2020 11:58 am
by benhank
That box was already checked but there is still a 4 hour delay:
timestanp.png
Re: how do I change the syslog timestamps?
Posted: Mon Jun 01, 2020 12:03 pm
by scottwilkerson
benhank wrote: That box was already checked but there is still a 4 hour delay:
timestanp.png
Oh, yes, it is only changed in the table column (before expanding, seen in your screenshot just above View: Table / JSON / Raw), but when you expand, it shows the actual record in Elasticsearch.
As far as I am aware, there is no way to change this.
Re: how do I change the syslog timestamps?
Posted: Mon Jun 01, 2020 2:54 pm
by benhank
OK, you can lock this then.
Re: how do I change the syslog timestamps?
Posted: Mon Jun 01, 2020 3:00 pm
by scottwilkerson
benhank wrote: OK, you can lock this then.
Locking thread