My Graylog server (2.3) is using UTC for all timestamp fields. That’s fine, but I’d like to have a separate field called ‘timestamp_EST’ that shows the time in EST.
I’ve been trying this with ‘Copy Input’ extractors but it hasn’t worked. It’s set to ‘always extract’ and ‘copy’ instead of cut. I’ve tried both the Date and Flexible date converters, with different format strings (yyyy-MM-dd HH:mm:ss.SSS, yyyy-MM-dd'T'HH:mm:ss.SSS, etc.) but it’s not extracting and creating the extra timestamp_EST field.
Any idea what I’m doing wrong?