Table time shift working on one table and not on another

  • What Grafana version and what operating system are you using?
    v9.3.2 (21c1d14e91)

  • What are you trying to achieve?
    timeshift on a table to account for Central timezone

  • How are you trying to achieve it?
    Using the timeshift option on the table itself; for some reason, setting the timezone doesn’t manipulate the time.

  • What happened?
    I have two tables that parse similar logs in the same format, coming from the same source (pfSense): one table shows firewall logs and the other shows Suricata IDS logs. Both tables parse correctly and show the time column correctly in the YYYY/MM/DD HH:mm:ss format.

  • What did you expect to happen?
    Since the timeshift option worked on the first table, I figured the second table would behave the same way, but its times don’t change when I timeshift it.

  • Can you copy/paste the configuration(s) that you are having problems with?

"timeShift": "6h",
      "title": "Firewall Logs",
      "transformations": [
        {
          "id": "extractFields",
          "options": {
            "format": "json",
            "replace": false,
            "source": "A"
          }
        },
        {
          "id": "organize",
          "options": {
            "excludeByName": {
              "A": true,
              "_id": true,
              "_index": true,
              "_type": true,
              "ack": true,
              "application_name": true,
              "class": true,
              "data_length": true,
              "dst_ip_as_number": true,
              "dst_ip_geo_city": true,
              "dst_ip_geo_coordinates": true,
              "dst_ip_geo_country": true,
              "dst_ip_geo_country_iso": true,
              "dst_ip_geo_region": true,
              "dst_ip_geo_timezone": true,
              "dst_ip_geolocation": true,
              "dst_ip_reserved_ip": true,
              "dst_service": true,
              "facility": true,
              "facility_num": true,
              "flags": true,
              "flow_label": true,
              "gl2_accounted_message_size": true,
              "gl2_message_id": true,
              "gl2_remote_ip": true,
              "gl2_remote_port": true,
              "gl2_source_input": true,
              "gl2_source_node": true,
              "highlight": true,
              "hop_limit": true,
              "id": true,
              "interface": true,
              "ip_version": true,
              "length": true,
              "level": true,
              "message": true,
              "offset": true,
              "protocol_id": true,
              "reason": true,
              "rule_number": true,
              "sequence": true,
              "sort": true,
              "source": true,
              "src_ip_as_number": true,
              "src_ip_geo_city": true,
              "src_ip_geo_coordinates": true,
              "src_ip_geo_country": true,
              "src_ip_geo_country_iso": true,
              "src_ip_geo_region": true,
              "src_ip_geo_timezone": true,
              "src_ip_geolocation": true,
              "src_ip_reserved_ip": true,
              "src_service": true,
              "streams": true,
              "tcp_flags": true,
              "tos": true,
              "tracker": true,
              "ttl": true,
              "window": true
            },
            "indexByName": {
              "A": 11,
              "_id": 12,
              "_index": 14,
              "_type": 13,
              "action": 6,
              "application_name": 27,
              "data_length": 47,
              "direction": 7,
              "dst_ip": 2,
              "dst_ip_city_name": 9,
              "dst_ip_country_code": 22,
              "dst_ip_geolocation": 39,
              "dst_port": 4,
              "dst_service": 26,
              "facility": 45,
              "facility_num": 44,
              "flags": 20,
              "gl2_accounted_message_size": 34,
              "gl2_message_id": 40,
              "gl2_remote_ip": 18,
              "gl2_remote_port": 19,
              "gl2_source_input": 24,
              "gl2_source_node": 31,
              "highlight": 16,
              "id": 32,
              "interface": 25,
              "ip_version": 28,
              "length": 38,
              "level": 36,
              "message": 42,
              "offset": 35,
              "protocol": 5,
              "protocol_id": 41,
              "reason": 17,
              "rule_number": 21,
              "sequence": 48,
              "sort": 15,
              "source": 23,
              "src_ip": 1,
              "src_ip_city_name": 8,
              "src_ip_country_code": 10,
              "src_ip_geolocation": 33,
              "src_port": 3,
              "src_service": 50,
              "streams": 37,
              "tcp_flags": 46,
              "timestamp": 0,
              "tos": 30,
              "tracker": 29,
              "ttl": 43,
              "window": 49
            },
            "renameByName": {
              "action": "Action",
              "direction": "Direction",
              "dst_ip": "Destination IP",
              "dst_ip_as_organization": "Destination Organization",
              "dst_ip_city_name": "Destination City",
              "dst_ip_country_code": "Destination Country",
              "dst_ip_geo_name": "Destination Geolocation",
              "dst_port": "Destination Port",
              "interface": "Interface",
              "protocol": "Protocol",
              "src_ip": "Source IP",
              "src_ip_as_organization": "Source Organization",
              "src_ip_city_name": "Source City",
              "src_ip_country_code": "Source Country",
              "src_ip_geo_name": "Source Geolocation",
              "src_port": "Source Port",
              "timestamp": "Time"
            }
          }
        },
        {
          "id": "convertFieldType",
          "options": {
            "conversions": [
              {
                "dateFormat": "YYYY-MM-DD HH:mm:ss",
                "destinationType": "time",
                "targetField": "Time"
              }
            ],
            "fields": {}
          }
        }
      ],
      "transparent": true,
      "type": "table"
    },
    {
      "datasource": {
        "type": "elasticsearch",
        "uid": "$IDS_Datasource"
      },
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "thresholds"
          },
          "custom": {
            "align": "auto",
            "displayMode": "auto",
            "inspect": false,
            "minWidth": 50
          },
          "mappings": [],
          "thresholds": {
            "mode": "absolute",
            "steps": [
              {
                "color": "green",
                "value": null
              }
            ]
          }
        },
        "overrides": [
          {
            "matcher": {
              "id": "byName",
              "options": "priority"
            },
            "properties": [
              {
                "id": "mappings",
                "value": [
                  {
                    "options": {
                      "1": {
                        "color": "red",
                        "index": 2
                      },
                      "2": {
                        "color": "orange",
                        "index": 1
                      },
                      "3": {
                        "color": "green",
                        "index": 0
                      }
                    },
                    "type": "value"
                  }
                ]
              },
              {
                "id": "custom.displayMode",
                "value": "color-background-solid"
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "description"
            },
            "properties": [
              {
                "id": "custom.width",
                "value": 500
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "timestamp"
            },
            "properties": [
              {
                "id": "custom.width",
                "value": 200
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "Source IP"
            },
            "properties": [
              {
                "id": "custom.width"
              }
            ]
          }
        ]
      },
      "gridPos": {
        "h": 14,
        "w": 24,
        "x": 0,
        "y": 31
      },
      "hideTimeOverride": true,
      "id": 26,
      "links": [],
      "options": {
        "footer": {
          "fields": "",
          "reducer": [
            "sum"
          ],
          "show": false
        },
        "showHeader": true,
        "sortBy": []
      },
      "pluginVersion": "9.3.2",
      "targets": [
        {
          "alias": "",
          "bucketAggs": [],
          "datasource": {
            "type": "elasticsearch",
            "uid": "JoQM_Ofnk"
          },
          "dsType": "elasticsearch",
          "hide": false,
          "metrics": [
            {
              "id": "1",
              "settings": {
                "size": "500"
              },
              "type": "raw_document"
            }
          ],
          "query": "application_name:suricata AND dst_port:$dst_port AND src_ip:$src_ip AND dst_ip:$wan_ip",
          "refId": "A",
          "timeField": "timestamp"
        }
      ],
      "timeShift": "6h",
      "title": "IDS Alert Log",
      "transformations": [
        {
          "id": "extractFields",
          "options": {
            "format": "json",
            "replace": false,
            "source": "A"
          }
        },
        {
          "id": "organize",
          "options": {
            "excludeByName": {
              "A": true,
              "BASE10NUM": true,
              "IPV4": true,
              "IPV4_city_name": true,
              "IPV4_country_code": true,
              "IPV4_geolocation": true,
              "_id": true,
              "_index": true,
              "_type": true,
              "application_name": true,
              "classification": true,
              "description": false,
              "dst_ip_as_number": true,
              "dst_ip_geo_city": true,
              "dst_ip_geo_coordinates": true,
              "dst_ip_geo_country": true,
              "dst_ip_geo_country_iso": true,
              "dst_ip_geo_region": true,
              "dst_ip_geo_timezone": true,
              "dst_ip_geolocation": true,
              "dst_ip_reserved_ip": true,
              "facility": true,
              "facility_num": true,
              "gl2_accounted_message_size": true,
              "gl2_message_id": true,
              "gl2_processing_error": true,
              "gl2_remote_ip": true,
              "gl2_remote_port": true,
              "gl2_source_input": true,
              "gl2_source_node": true,
              "highlight": true,
              "ips": true,
              "level": true,
              "message": true,
              "sort": true,
              "source": true,
              "src_ip_as_number": true,
              "src_ip_geo_city": true,
              "src_ip_geo_coordinates": true,
              "src_ip_geo_country": true,
              "src_ip_geo_country_iso": true,
              "src_ip_geo_region": true,
              "src_ip_geo_timezone": true,
              "src_ip_geolocation": true,
              "src_ip_reserved_ip": true,
              "streams": true
            },
            "indexByName": {
              "A": 36,
              "BASE10NUM": 19,
              "IPV4": 27,
              "_id": 12,
              "_index": 14,
              "_type": 13,
              "application_name": 23,
              "classification": 30,
              "description": 7,
              "dst_ip": 2,
              "dst_ip_city_name": 9,
              "dst_ip_country_code": 11,
              "dst_ip_geolocation": 34,
              "dst_ip_reserved_ip": 37,
              "dst_port": 4,
              "facility": 33,
              "facility_num": 32,
              "gl2_accounted_message_size": 25,
              "gl2_message_id": 29,
              "gl2_remote_ip": 17,
              "gl2_remote_port": 18,
              "gl2_source_input": 21,
              "gl2_source_node": 24,
              "highlight": 16,
              "ips": 31,
              "level": 26,
              "message": 22,
              "priority": 6,
              "protocol": 5,
              "sort": 15,
              "source": 20,
              "src_ip": 1,
              "src_ip_city_name": 8,
              "src_ip_country_code": 10,
              "src_ip_geolocation": 35,
              "src_ip_reserved_ip": 38,
              "src_port": 3,
              "streams": 28,
              "timestamp": 0
            },
            "renameByName": {
              "dst_ip": "Destination IP",
              "dst_ip_as_organization": "Destination Organization",
              "dst_ip_city_name": "Destination City",
              "dst_ip_country_code": "Destination Country",
              "dst_ip_geo_name": "Destination GeoLocation",
              "dst_port": "Destination Port",
              "message": "",
              "priority": "Priority",
              "protocol": "Protocol",
              "src_ip": "Source IP",
              "src_ip_as_organization": "Source Organization",
              "src_ip_city_name": "Source City",
              "src_ip_country_code": "Source Country",
              "src_ip_geo_name": "Source GeoLocation",
              "src_port": "Source Port",
              "timestamp": "Time"
            }
          }
        },
        {
          "id": "convertFieldType",
          "options": {
            "conversions": [
              {
                "dateFormat": "YYYY-MM-DD HH:mm:ss",
                "destinationType": "time",
                "targetField": "Time"
              }
            ],
            "fields": {}
          }
        }
      ],
      "transparent": true,
      "type": "table"
  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
    No errors

  • Did you follow any online instructions? If so, what is the URL?
    PFsense Firewall and IDS | Grafana Labs