Forum Discussion
Syslog data connectors and local time zones
JMROWE The agent doesn't do any translation so you would need to either do this on the Linux server before the syslog agent acquires it, use something like logstash on the Linux box to add a new column with the location time, or add a new column for local time when performing your query.
This page has more on using KQL to perform operations on dates
https://docs.microsoft.com/en-us/azure/kusto/query/datetime-timespan-arithmetic
JMROWE The agent doesn't do any translation so you would need to either do this on the Linux server before the syslog agent acquires it, use something like logstash on the Linux box to add a new column with the location time, or add a new column for local time when performing your query.
This page has more on using KQL to perform operations on dates
https://docs.microsoft.com/en-us/azure/kusto/query/datetime-timespan-arithmetic