Syslog/graylog fields

Hey there

Is it possible to change which fields are shown in Device -> Logs -> Graylog?

My problem is that in the syslog msg I have 2 timestamps: I have Timestamp, and timestamp.

By default it shows “Timestamp”, which is the time from the device, and I want the “timestamp”, which is the time the syslog server received the message (some of my devices can't handle timezones correctly, and/or summer/winter time).

Anyone using Graylog with LibreNMS?

I have the Graylog in Libre working fine. I now want to trigger an event whenever %syslog.msg LIKE @running@ but nothing happens? I’ve tried appending an %syslog.timestamp >= %macros.past_5m without any luck. Time is correct on the syslog message, but I think my problem is that it's a Graylog, not a std. syslog server?

2 separate cases?

No? Seems like the double timestamps are what's causing your alert rule to not work, because you have two time tables.

Time seems right after I’ve set the graylog/timezone setting in the config. Well, I will mess around a little more with it, thanks for the pointers 🙂
