bignjato
(Boris Ignjatović)
1
Hello,
Can you please help me with creating timestamp replace from message log, that I can do a timechart on error messages.
I was create a pipeline to replace timestamp but when is enabled graylog does not show any log message:
I use this log message - 2017-05-22T03:10:16+00:00 itc2000 daemon info itcTransceiver[1320]: SBCWorkflow: now 1970-Jan-03 17:50:18.831346 (0.-247636)"
I create extractor with name test and extract this timestamp - 2017-05-22T03:10:16+00:00
rule "parse event timestamp"
when
true
then
set_field(“timestamp”,parse_date(to_string($message.test),“yyyy-MM-dd’T’hh:mm:ss.SSSZ”));
end
And with this pipeline I want replace standard timestamp with my message timestamp that I can create timeline chart.
Thank for all suggestion!
jan
(Jan Doberstein)
2
Hej Boris,
what is the processing order? Will Processing Pipelines run after Message Filter Chain or before? It need to run after.
bignjato
(Boris Ignjatović)
3
It is Message Filter Chain -> Pipelines and geo disabled
Thanks for try help! I loos about a week on this problem !
Problem is when i search some error I want to create timestamp line when
this error occures!
napisao je:
jan
(Jan Doberstein)
4
Hej Boris,
does that work if you are using not the timestamp field?
bignjato
(Boris Ignjatović)
5
Yes if I use some FileName or some new label it copy time to this field
only if I set timestamp doesn’t work.
Do graylog has some workaround for manual imported logs, that I can have
error timestamp histogram
system
(system)
Closed
6
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
