Thank you, Jochen. I'll dig into this, hopefully I'll get it figured out! New to Graylog & extractors.

Kathleen

On Friday, September 9, 2016 at 9:55:49 AM UTC-5, Jochen Schalanda wrote:
> Hi,
>
> you can extract the timestamp from your "Event Data" and override the
> message timestamp using extractors:
> http://docs.graylog.org/en/2.1/pages/extractors.html
>
> Cheers,
> Jochen
>
> On Friday, 9 September 2016 16:21:12 UTC+2, [email protected] wrote:
>> Hello There,
>>
>> Concerning log ingestion time stamps, we notice that the log entry
>> timestamp and the event time stamp don't quite match. At this point
>> it really only seems to be off by a few milliseconds. I'm assuming that the
>> log time stamp is the time the log was ingested into Graylog (we used nxlog
>> with collector-sidecar). Just wanted to check in to see if there is
>> something in our configuration we could have done differently to tighten up
>> the difference?
>>
>> <https://lh3.googleusercontent.com/-lT1HPSRlwu4/V9LE0jeSEfI/AAAAAAAAAAM/fwhUk0-BQk4vFbZ9VcQt3Vu_LG4mDGjKwCLcB/s1600/Graylogtimestamp.png>
