timezone issue
I have log data coming from tomcat and i'm using a json file to import the data to sumo. I'm in central time and the data displays as if it's in UTC even though it's in central time. So my data always shows up 5 hours behind. It comes in the correct time for my apache logfiles, it's just the tomcat ones I have an issue with.
data is in this format yyyy-MM-dd HH:mm:ss,SSS
so it should be easily digested by the Java SimpleDateFormat library. I thought it was obvious that I needed to just add "TimeZone:"America/Chicago"
I tried that and it still comes in 5 hours behind. so I tried adding "forceTimeZone":true
But it still comes in 5 hours behind.
here's an example log entry. Sumo Time column says 8:36 am but it was 1:36 pm
2018-05-04 13:36:35,079 INFO [wt.jmx.core.SharedScheduledExecutor.worker] com.infoengine.jndi.DirContextMonitor.stats.summary - ServiceName=com.starkey.Ldap, IntervalSeconds=602.208, TotalContexts=104, ErrorCount=0, ContextsPerSecond=0.17269780540942664, AverageContextSeconds=6.842416346153846E-4, LongestContextSeconds=0.004198935, AverageActiveContexts=1.1805268943620809E-4, MaxActiveContexts=1
here is my json file for import
{
"api.version":"v1",
"source":{
"name":"WindchillLogs",
"description":"Windchill Methodserver Logs",
"category":"prod/app/windchill/methodserver",
"automaticDateParsing":true,
"multilineProcessingEnabled":true,
"useAutolineMatching":true,
"forceTimeZone":true,
"TimeZone":"America/Chicago",
"filters":[],
"cutoffRelativeTime":"-1d",
"encoding":"UTF-8",
"pathExpression":"/opt/app1/logs/*log4j.log",
"sourceType":"LocalFile"
}
}
-
I tried adding | _format as timestampformat
and it came back "full" meaning it interpreted the timestamp fully. here is the output of | _format as timestampformat
# Time timestampformat Message 1 05/04/2018
08:47:52.993 -0500t:full:o:0:l:23:p:yyyy-MM-dd HH:mm:ss,SSS2018-05-04 13:47:52,993 INFO [wt.
Please sign in to leave a comment.
Comments
2 comments