gsmith
January 12, 2022, 3:07am
7
Ok,
Two Inputs.
The first one nginx access log has some extractors.
Second one nginx error log There are also some extractors.
I’m not 100% sure but I think the error is coming from the second INPUT. The extractor called Timestamp. I clicked the edit button next to timestamp. If this is correct so far maybe try adjusting the convert to date type as shown below.
EDIT: Or check this postS out,
Hi
I have solved the problem.
Because I let the nginx log format was introduced into graylog json format, so after using json format resolution timestamp field is a string is not a time format, which is not directly use in time format.
It is only necessary to change the timestamp in the log to the time format.
I am using pipeline in graylog.
The pipeline rules are as follows:
rule "parse timestamp"
when
true
then
let ngx_timestamp=grok("%{HTTPDATE:timestamp;date;dd/MMM/yyyy:HH:mm:s…
Sorry that I missed one Important in the time …
yyyy-MM-dd'T'HH:mm:ss.SSSX
You need to match the parse string 100% to your time - that is the reason for your errors
Hope that helps
