Set timestamp with fraction of second

Good day!
How can I set the default timestamp in the format "yyyy-MM-dd'T'HH:mm:ss.SSSSSS" or "yyyy-MM-dd HH:mm:ss.SSSSSS"?
Log example:
I, [2018-12-06T09:55:05.573974 #9] INFO -- : [c84466801e6886053ac6d96476fcb43b] Processing by Api::V1::EventsController#index as JSON
The timestamp comes to Graylog in a separate field (rTimestamp). I am trying to set a new timestamp through a pipeline, but the output format is "2018-12-06 09:55:05.573" instead of the expected "2018-12-06T09:55:05.573974".
In Elasticsearch I made a custom mapping:
{
  "template": "app_*",
  "mappings": {
    "message": {
      "properties": {
        "timestamp": {
          "type": "date",
          "format": "yyyy-MM-dd HH:mm:ss.SSS||yyyy-MM-dd'T'HH:mm:ss.SSSSSS"
        }
      }
    }
  }
}
But it gives no result.
P.S. English isn't my native language.

Graylog currently supports only SSS and not more granular timestamps.

Can I set the default sort to a column other than timestamp?

No, that is not possible (currently).

You might want to open a feature request for that: https://github.com/Graylog2/graylog2-server/issues

As I see, you have the timestamp in the message, so you can put it in another field. After that you can use the ES API to query messages sorted by your timestamp.
OK, in this case you lose GL's WUI, but if you really need the SSSSSS timestamp…

https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-sort.html
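
The workaround from the last reply, as an added example that is not part of the original thread: it parses Ruby Logger lines like the one in the question, keeps the microsecond value in `rTimestamp`, and shows that ordering by the millisecond `timestamp` cannot reconstruct the sequence of events inside one millisecond. The sample lines and function names are constructed, and it assumes `rTimestamp` is stored as a fixed-width string (for example a keyword field) so that lexical order equals chronological order.

```python
import re
from datetime import datetime

# Constructed sample lines in the Ruby Logger format quoted in the question.
# Three of them fall inside the same millisecond (09:55:05.573).
SAMPLE = [
    "I, [2018-12-06T09:55:05.573974 #9]  INFO -- : [c8] Completed",
    "I, [2018-12-06T09:55:05.573102 #9]  INFO -- : [c8] Processing",
    "I, [2018-12-06T09:55:05.573510 #9]  INFO -- : [c8] Rendered",
    "I, [2018-12-06T09:55:04.999999 #9]  INFO -- : [a1] Started",
]

# Severity letter, [timestamp #pid], severity name, " -- : ", message.
LINE_RE = re.compile(
    r"^\w, \[(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{6}) #\d+\]"
    r"\s+\w+ -- : (?P<msg>.*)$"
)

def parse(line):
    """Return the fields a pipeline would set for one log line."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a Ruby Logger line: %r" % line)
    full = m.group("ts")
    dt = datetime.strptime(full, "%Y-%m-%dT%H:%M:%S.%f")  # rejects bad dates
    # What survives in a millisecond-resolution (SSS) timestamp field.
    ms = dt.strftime("%Y-%m-%d %H:%M:%S.") + "%03d" % (dt.microsecond // 1000)
    return {"timestamp": ms, "rTimestamp": full, "message": m.group("msg")}

def order_by(events, field):
    # sorted() is stable, so ties keep arrival order, as in a real index.
    return [e["message"] for e in sorted(events, key=lambda e: e[field])]

def es_sort_body(field="rTimestamp", size=100):
    # Request body for the Elasticsearch search API, sorting on the
    # full-precision field instead of Graylog's own timestamp.
    return {"size": size, "query": {"match_all": {}},
            "sort": [{field: {"order": "asc"}}]}

if __name__ == "__main__":
    events = [parse(line) for line in SAMPLE]
    print("by timestamp :", order_by(events, "timestamp"))
    print("by rTimestamp:", order_by(events, "rTimestamp"))
    print("search body  :", es_sort_body())
```
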
