“Mon Jan 07 17:30:00 +0000 2019 @Very excited that Apple is bringing AirPlay and iTunes to my Vizio TV (and apparently Samsung TVs too). An important https://t.co/4kbvJRfGwb”
- I want to change the Graylog timestamp to this log timestamp.
- I am using GELF TCP as the input in Graylog, and the log comes from fluentd.
- Created a grok pattern for the timestamp: through System --> Grok, I stored the log timestamp value (Mon Jan 07 17:30:00 +0000 2019) in Timestamp_tweet.
- Then I created a new pipeline and rule.
- I am following this URL to fix my issue: Searching imported logs by log timestamp, not time Graylog received the log
- Rule:

```
rule "parse event timestamp"
when
  true
then
  let new_date = parse_date(to_string($message.Timestamp_tweet), "E MMM dd HH:mm:ss Z Y);");
  set_field("timestamp", new_date);
end
```

- I don't know how it comes with incoming messages. After creating the pipeline and its rule, I got a field called gl2_processing_error.