So I don't believe it handles snapshots yet, but it still looks like a pretty useful tool that I have been meaning to try out for people who don't want to manage through the API.
Or... learn to work in UTC like the rest of us 😉
Or build your own Graylog server and it doesn't have this issue.
Is there any specific reason for using UTC?
Because it never has a daylight saving problem, it's standard and universal, every system uses it identically, and it is the only option that doesn't play favourites with a region.
So......you just add (say 5, for NY) to everything you see?
Or just work in UTC. In modern international business you always have to adjust the time. Nothing is easier than using UTC which is stable, as a base.
How do you get everyone to play along? Server support? Desktop support? Etc..
You make it a company policy. Times are in UTC. It's pretty easy, you can set desktops through GP or similar. Set servers to UTC. Works like magic. Some people might adjust their own stuff, but if they miss things it's purely a failure on their part that they have no excuse for. In fact, the excuse might be worse than missing things (intentionally breaking policy to not know when to show up.)
Wait, wait...so you expect all your users to also adapt to UTC?
Easier than have them not be able to figure out timezones. It's LESS adaptation, rather than more.
Got it. The node list needs to be master nodes only, but by default the non-master local 127.0.0.1 is left in the list. You have to remove it but keep the other nodes in for it to work.