Getting Starting with Pipelines

nsookhoo · January 14, 2019, 6:55pm

Hello Everyone,

I am new to graylog so I apologize in advance for any incorrect use of terms and mistakes I make.

I am trying to alter the timestamp in a stream and from what I have read pipelines are the best way to accomplish this.

I have created a test pipeline with a connection stream and a single stage.

Here is the rule source:
rule “time update”
when
true
then
let new_date = “2019-01-11T20:49:46.805Z”;
set_field(“timestamp”, new_date);
end

From what I understand, this should change all the timestamps from the stream to 2019-01-11T20:49:46 but this is not happening.

Observing the "manage pipeline’ screen shows no throughput for the stage or rule.

Any guidance would be much appreciated, even a link to some useful documentation.

I have already read the graylog documentation (http://docs.graylog.org/en/2.5/pages/pipelines/pipelines.html#overview) but if I missed something please point it out.

Thanks

jan · January 14, 2019, 7:01pm

what is your processing oder? “System > Configuration” The processing pipelines should be after the message filter chain.

nsookhoo · January 14, 2019, 7:15pm

|1| AWS Instance Name Lookup
|2 |GeoIP Resolver
|3| Pipeline Processor
|4| Message Filter Chain

I switched the ordered of 3 and 4 and it worked!

Thank you very much!

system · January 28, 2019, 7:15pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Pipeline. Timestamp dont change Graylog Central (peer support) pipeline-rules	3	466	June 8, 2021
Timestamp change pipeline Graylog Central (peer support)	2	992	January 17, 2022
Replacing default Graylog timestamp via Pipeline Processor Graylog Central (peer support) pipeline-rules , debuggingpl	13	10723	March 25, 2019
Pipeline parsing and setting correct timestamp Graylog Central (peer support) pipeline-rules	11	12929	July 20, 2017
Timestamp can't be replaced Graylog Central (peer support)	2	546	December 10, 2019