timezone issue

Follow
Avatar
Adam Juntunen

I have log data coming from tomcat and i'm using a json file to import the data to sumo.  I'm in central time and the data displays as if it's in UTC even though it's in central time.  So my data always shows up 5 hours behind.  It comes in the correct time for my apache logfiles, it's just the tomcat ones I have an issue with.

data is in this format yyyy-MM-dd HH:mm:ss,SSS

so it should be easily digested by the Java SimpleDateFormat library.  I thought it was obvious that I needed to just add "TimeZone:"America/Chicago"

I tried that and it still comes in 5 hours behind.  so I tried adding "forceTimeZone":true

But it still comes in 5 hours behind.

here's an example log entry.  Sumo Time column says 8:36 am but it was 1:36 pm

2018-05-04 13:36:35,079 INFO  [wt.jmx.core.SharedScheduledExecutor.worker] com.infoengine.jndi.DirContextMonitor.stats.summary  - ServiceName=com.starkey.Ldap, IntervalSeconds=602.208, TotalContexts=104, ErrorCount=0, ContextsPerSecond=0.17269780540942664, AverageContextSeconds=6.842416346153846E-4, LongestContextSeconds=0.004198935, AverageActiveContexts=1.1805268943620809E-4, MaxActiveContexts=1

here is my json file for import
{
 "api.version":"v1",
 "source":{
 "name":"WindchillLogs",
 "description":"Windchill Methodserver Logs",
 "category":"prod/app/windchill/methodserver",
 "automaticDateParsing":true,
 "multilineProcessingEnabled":true,
 "useAutolineMatching":true,
 "forceTimeZone":true,
 "TimeZone":"America/Chicago",
 "filters":[],
 "cutoffRelativeTime":"-1d",
 "encoding":"UTF-8",
 "pathExpression":"/opt/app1/logs/*log4j.log",
 "sourceType":"LocalFile"
 }
}

0

Comments

2 comments

Sort by Date Votes
  • Avatar
    Adam Juntunen
    • Edited

    I tried adding | _format as timestampformat

    and it came back "full" meaning it interpreted the timestamp fully.  here is the output of | _format as timestampformat

    # Time timestampformat Message
    1 05/04/2018
    08:47:52.993 -0500
    t:full:o:0:l:23:p:yyyy-MM-dd HH:mm:ss,SSS
    		 
    2018-05-04 13:47:52,993 INFO  [wt.
    0
    Comment actions Permalink
  • Avatar
    Adam Juntunen

    This is sort of obvious, but the issue is that it's totally ignoring 

    "TimeZone":"America/Chicago",

    I've tried changing that to 

    "TimeZone":"America/Los_Angeles",

    and you would think it should change the timestamp by a few hours, but it's exactly the same

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post