Forum Discussion
Solved
Syslog data connectors and local time zones
Is there a way of adding a local time zone to a syslog data connector to ensure Azure Sentinel is using the correct time? Can the Linux agent https://docs.microsoft.com/en-us/azure/sentinel/conne...
JMROWE The agent doesn't do any translation so you would need to either do this on the Linux server before the syslog agent acquires it, use something like logstash on the Linux box to add a new column with the location time, or add a new column for local time when performing your query.
This page has more on using KQL to perform operations on dates
https://docs.microsoft.com/en-us/azure/kusto/query/datetime-timespan-arithmetic
JMROWE The agent doesn't do any translation so you would need to either do this on the Linux server before the syslog agent acquires it, use something like logstash on the Linux box to add a new column with the location time, or add a new column for local time when performing your query.
This page has more on using KQL to perform operations on dates
https://docs.microsoft.com/en-us/azure/kusto/query/datetime-timespan-arithmetic