Add local timestamp to event #3622
Conversation
|
Jenkins standing by to test this. If you aren't a maintainer, you can ignore this comment. Someone with commit access, please review this and clear it for Jenkins to run. |
1 similar comment
|
Jenkins standing by to test this. If you aren't a maintainer, you can ignore this comment. Someone with commit access, please review this and clear it for Jenkins to run. |
How are you using the local timestamp? In what ways is it more useful than UTC timestamp? |
|
For example, you can build a query to check if a user tried to login into the machine in a strange time (say 02:00AM). For this, you have to know what the local time of the machine is (and the network might span a number of timezones, so we can't assume to know the timezone of a specific machine). Another example is monitoring heavy background processes which are configured to run only at night, and we want to make sure they run at the configured time correctly. |
|
Those are similar to the reasons I was thinking this would be useful information. We had another request for timezone info in #2887. I think we should consider a more general approach (in libbeat) that allows this to be added in any Beat where a user wants it (as determined via configuration). @elastic/beats WDYT about an optional local timestamp? |
|
@andrewkroh +1 on having a "processor" or something similar for this. Then we can nest it under its own namespace and have it extendable with additional info. |
|
@ohadravid Thank you for your PR. It seems that there is an interest in finding the local timestamp. We had a short discussion between us and decided that a better solution would be to export the |
Hi!
I want to add a tiny change to the wineventlog.
Currently only the UTC time (which is saved in the event xml) is included in the event.
It is very useful to also get the event time in the local timezone of the computer.
This is the same behavior as the Windows Event Viewer (shows the event local time).