Trying to convert Checkpoint timestamp to a date object in Graylog using the pipeline function parse_date(). I want it to match the Graylog default timestamp format, minus the timezone (because it doesn’t appear in Checkpoint logs).
Old date format: 12Nov2019 14:30:00
Desired date format: 11-12-2019 14:30:00
Here is my rule (given that $message.event_timestamp is the timestamp extracted from Checkpoint log):
// Convert Checkpoint timestamp format to Syslog format:
set_field(
  "event_timestamp",
  parse_date(to_string($message.event_timestamp), "ddMMMYYYY HH:mm:ss")
);
This produces the following date: 11-12-2019T14:30:00Z, which contains two unwanted characters T and Z.
I notice that the Graylog default timestamp field is rendered differently between the Simulator and in Search results. In the former it is in the format I don’t want (`
How do I pass a literal <whitespace> in the format? And how can I get rid of the Z at the end in place of the timezone?