Time zone inconsistency

Follow
Avatar
Bartu Basman

Hi,

The timestamp extraction seems to be working, although the time zone is somehow inconsistent. I checked the time zone settings in the collection. The collector default is being used for time stamp. The server and MySQL both have the correct time and the correct time zone (which is +0200). But in the log search it changes to +0100 from +0200 and shows the time an hour ahead. What could be the problem?

Thanks.

0

Comments

1 comment

Sort by Date Votes
  • Official comment
    Avatar
    Raghu Murthy

    Hi Bartu,

     

    The collector default is UTC timezone. Therefore in the first message the entry of "171212 14:28:18" is interpreted with a time stamp format of "yyMMdd HH:mm:ss". Consequently Sumo interprets the message time as Dec 12 2017 14:28:18 UTC and in your user account which has UTC+0100 the message time is displayed as Dec 12 2017 15:28:18 UTC+0100.

     

    You can go to the Collection dashboard by going Manage Data -> Collection in the side nav bar and find the collector in question , hover to the right and click on Edit Collector and change the collector default to the correct timezone according to the timezone the server is on. After that the message time and receipt times should be comparable when you search with "Use Receipt time" checked as long as there is not much ingestion latency

     

    Hope that helps

     

    Regards

    Raghu

     

     

    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post