I have a network device sending syslog messages to graylog (graylog-web-interface v1.2.2 (91c7822) (Oracle Corporation 1.8.0_60 / Linux 3.19.0-25-generic) on graylog).

However, the messages are "delayed", as graylog appears to be reading in the enclosed UTC timestamp from the syslog message and ignoring the time the message was delivered. I've created a date extractor, but that simply creates a new field with the correct timestamp and doesn't ultimately solve my problem of delayed messages showing up in the graylog interface.

This GitHub thread summarizes my problem very closely: https://github.com/Graylog2/graylog2-server/issues/1258

The date normalizer method recommended there doesn't seem to fix what I'm seeing.

My graylog timezone configuration, I think, is set up properly: <https://lh3.googleusercontent.com/-gg-7eJxQMgs/VjPNmA6DrCI/AAAAAAAADV8/wxVQBKbycAg/s1600/Screen%2BShot%2B2015-10-30%2Bat%2B2.05.34%2BPM.png>

I've found interesting results on the allow_override_syslog_date option, but nothing in recent graylog versions seems to indicate this is a configurable item.

At this point, I'm stuck and am not clear where else to look.

Thanks
