Hello, I’m learning pipeline usage and find a problem on my Graylog 2.2.2.
I have a stream called (PCB) where my logs enter.
I have create 2 pipeline:
1 - Just add a field named toto (to test)
2 - change timestamp for UTC problem.
The pipeline is linked to the Stream PCB.
I have a problem with configuration Menu.
When the order is:
1 - Pipeline processor
2 - Message Filter Chain
3 - GeoIP Resolver
I receive the log on the right Stream, but nothing change
When I put the order from GraylogDoc
1 - Message Filter Chain
2 - Pipeline processor
3 - GeoIP Resolver
The log is transformed, and future are rooted in the void…
The simulation work fine
the rules are simply:
rule "parse event timestamp"
when
true
then
let new_date = parse_date(to_string($message.Time), “yyyy-MM-dd HH:mm:ss,SSSS”);
set_field(“timestamp”, new_date);
end
Do you have any idea ?