This is more of a request than an issue, but there may also be some underlying bug at work. I have been fighting with weird time stamp issues when using the connector and think it would be a good idea to make it optional for Graylog to add a leading time stamp to each log. This will allow for Splunk to parse the stamp on its own and will keep the raw log in its original form. Actually, it may even be desirable to omit the time stamp addition entirely to preserve the raw log data.
The challenge I had today was an issue where a FirePower log had a time stamp in the raw data and Graylog seemed to correctly parse it and display the logs during a search, but the data sent to Splunk had a leading stamp that was +4 UTC. It was like Graylog assumed the stamp it parsed was -4 UTC and it added 4 to output UTC time. This was incorrect and made the leading stamp +8 more than the correct time.