Trying to replace the timestamp received from filebeat with the timestamp from some old logs.
I created a extractor with just dd-MM-yyyy hh:mm:ss.S transform to date and put as field name timestamp as I found in some blogs, but did not works is still using graylog timestamp. The difference is that Graylog timestamp format is different that my timestamps logs format
Graylog Server timestamp format is yyyy-MM-dd hh:mm:ss.S
My Logs Format is: dd-MM-yyyy hh:mm:ss.S
I am using Ubuntu 20.04 with graylog 4.3.2
And filebeat to send the logs to the graylog server and my logs are some jboss logs.
This is an example of my log timestamp:
22/05/2022 09:24:19.727
rule "replace timestamp"
when
true
then
let result = regex("([0-9-T.:]+)", to_string($message.Testing));
let new_date = parse_date(to_string(result["0"]), "yyyy-MM-dd'T'HH:mm:ss.SSS","CST"); ///Centeral time Zone
set_field("timestamp", new_date);
end
EDIT:
For pipelines, insure the following is correct under System/Configuration β Message Processors Configuration. make sure Pipeline processor is after Message Filter Chain.
Hi thanks for your answer
I detect some error in my extractor, because my original field is like day/month/year⦠and as the Timestamp is using - instead of /, I use the replace with regular expression to do the change and then convert to date field:
2022-07-07T20:20:17.176+03:00 ERROR [Extractor] Could not apply converter [DATE] of extractor <Testing (bdfb51f0-fe17-11ec-85e2-02423c9a532d)>:
java.lang.IllegalArgumentException: Invalid format: β18-05-2022 10:05:07.648β is malformed at β-05-2022 10:05:07.648β
at org.joda.time.format.DateTimeFormatter.parseDateTime(DateTimeFormatter.java:945)
β¦ 13 more
