I want to change the graylog timestamp as in my log timestamp,how can i do it with “pipelines”
sample log:- “2018-12-20 00:44:29 @It’s easy to get Azure App Services to e-mail you if something bad happens with your app.”
when i try to add pipeline rule it shows error
rule “timestamp”
when
has_field(“transaction_date”)
then
let current_year = now().year;
let ts_string = concat(to_string(current_year), concat(" ", to_string($message.timestamp)));
let new_date = parse_date(to_string($message.timestamp),“yyyy-MMM-dd HH:mm:ss”,“Asia/Kolkata”);
set_field(“timestamp”, new_date);
end
please help me to done this
Have you parsed the message already so that the transaction_date field exists? If not, do that first.
The rest of your rule, you can forget about current_year and ts_string, they aren’t needed (first 2 lines). The rest of it looks fine - you could alternatively try to flex_parse_date instead.
Hi ,
Thanks for the reply I am new in graylog.can you please tell what are the steps following to change graylog timestamp as log timestamp,I am using filebeat for fetch logs
Step 1: Answer the question I asked you in my previous post 
Step 2 through Step X: to be determined based on the answer.
Asking the same question repeatedly will not have the effect you want.
no! how can i parse those messages ? this are my logs
Sorry guy, but I’m not your support system - read the fine manual, then come back with a properly framed question. If you’re unable or unwilling to do that, I find myself unable (and unwilling) to answer questions.
