This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

Ingestion latency

Posted on 04-03-2025 05:25 AM
Rached1996
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hello community , 
I'm facing a issue that my zscaler logs are ingested with a latency around 60 miutes and more.
The difference between ingested timestamp and event timestamp is around 560 minutes.
Who can tel this can be due to what exactly ? 
Thanks for help

0 2 110
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
kentphelps
Staff
Reply posted on --/--/---- --:-- AM

This post, while focus on timestamps,includes a detailed section on how to analyze latency (as well as time based misconfigurations) - https://medium.com/@thatsiemguy/fix-rfc3164-timestamps-with-bindplane-for-enterprise-fb96dd16d015

Also this doc: https://cloud.google.com/chronicle/docs/detection/timestamp-definitions


0 Likes

Posted on --/--/---- --:-- AM
AJMSecOps
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

@Rached1996 How are you ingesting the logs currently?

0 Likes
Top Solution Authors
View all