How to copy timestamp to timereadtime then change timestamp to real time?

kevinbolton · April 1, 2019, 6:41am

Hi

I want to copy timestamp to new field “logreadtime”
then, change timestamp to time in raw log
But It doesn’t work, Why(detail as below)?

There is a log with fields:
Routed into streams: CISCO
YEAR: 2019
MONTH: Apr
MONTHDAY: 1
HOUR: 06
MINUTE: 07
SECOND: 41.176
TIME: 06:07:41.176

I created a rule(as below) and link it to a pipeline ‘CISCO’

Pipeline ‘CISCO’
Connect to stream ‘CISCO’
Stage 0 with a rule “Save and update timestamp”

rule “Save and update timestamp”
when
true
then
set_field(“logreadtime”, $message.timestamp);
let new_date = parse_date(
value: to_string($message.YEAR) + “-” + to_string($message.MONTH) + “-” + to_string($message.MONTHDAY) + “T” + to_string($message.TIME),
pattern: “yyyy-MMM-d’T’HH:mm:ss.SSS”
);
set_field(“timestamp”, new_date);
end

system · April 15, 2019, 6:49am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timestamp change pipeline Graylog Central (peer support)	2	992	January 17, 2022
Changing timestamp to servertime recieved Graylog Central (peer support) pipeline-rules , time-stamp-issuespl	9	7435	January 31, 2018
Timestamp can't be replaced Graylog Central (peer support)	2	546	December 10, 2019
Pipeline for timestamp Graylog Central (peer support)	6	3595	April 19, 2018
Setting Timestamp - Piplelines/Rules Graylog Central (peer support) pipeline-rules , time-stamp-issuespl	6	4083	August 18, 2017

How to copy timestamp to timereadtime then change timestamp to real time?

Related Topics