Hi, you can extract the timestamp from your "Event Data" and override the message timestamp using extractors: http://docs.graylog.org/en/2.1/pages/extractors.html
Cheers, Jochen On Friday, 9 September 2016 16:21:12 UTC+2, [email protected] wrote: > > Hello There, > > > Concerning log ingestion time stamps, we notice that the log entry > timestamp and the event time stamp stamp don't quite match. At this point > it really only seems to be off by a few milliseconds. I'm assuming that the > log time stamp is the time the log was ingested into graylog (we used nxlog > with collector-sidecar). Just wanted to check in to see if there is > something in our configuration we could have done differently to tighten up > the difference? > > > > <https://lh3.googleusercontent.com/-lT1HPSRlwu4/V9LE0jeSEfI/AAAAAAAAAAM/fwhUk0-BQk4vFbZ9VcQt3Vu_LG4mDGjKwCLcB/s1600/Graylogtimestamp.png> > > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/65c002ed-f2f1-461b-8efe-e906e2879f13%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
