Skip to main content

Based on the log timestamp

This document provides information on the reference time of the log time stamp in the processing stage of the log monitoring process.

Timestamp reference time

Change of the log timestamp's reference time

The reference time of the log time stamp has been changed from WhaTap agent's collection time to WhaTap collection server's log handling time.

Under normal circumstances, you can search logs the same as before without much difference. After the change, the log monitoring can be used consistently without modification even in the following cases:

  • When using NTP, the server time of the monitoring target is set to a time earlier or later than the standard time.

  • Without using NTP, the server times in multiple monitoring targets are different.

Setting the search range of the time selector

By a change of the timestamp's reference time, the time selector also operates based on the WhaTap collection server time. As a result, there may be a difference between agent collection time and WhaTap collection server time, resulting in the logs that are not included in the search range. In this case, searching is possible by specifying the search range wider.

Log Trend

The X axis of the Log trend chart displays at least 1-minute increments. Even if the log reference time has been changed, it does not affect the overall trend of the chart.

The agenttime index has been added that indicates the log creation time in the log message. Check the agent collection time through the agenttime value.

Note

WhaTap collection server time that follows the UTC time zone, is converted according to the user's browser time for display.

For example, the UTC+9 time appears in Korea.

Reference time for each step

Logs are collected through the following 3 steps: Different reference times may be used for each step.

  1. Log creation time

    Deviations may occur depending on the time or logging policy of the monitoring target.

  2. Agent collection time

    Deviations may occur depending on how the product or agent in use collects logs and which logs are generated.

    • Application

      Depending on the settings, logs are collected in almost real time from the log library or log files.

      Note

      The log library is supported only for Java products.

    • Server

      The log file collects logs in almost real time.

    • AWS Log

      Logs are collected in almost real time or every few minutes depending on the AWS resource policy.

  3. WhaTap collection server time

    Regardless of what you monitor or how you generate logs, we use the time stored on the collection server.

There is a big difference between WhaTap agent collection time and WhaTap collection server time. Check the server time of the monitoring target. If the monitored server time is set to a time earlier or later than the server time, this affects the agent collection time.