Set timestamp with fraction of second


(Vladimir) #1

Good day!
How can I set the default timestamp in the format “yyyy-MM-dd'T'HH:mm:ss.SSSSSS” or “yyyy-MM-dd HH:mm:ss.SSSSSS”?
Logs example:
I, [2018-12-06T09:55:05.573974 #9] INFO -- : [c84466801e6886053ac6d96476fcb43b] Processing by Api::V1::EventsController#index as JSON
The timestamp comes to Graylog in a separate field (rTimestamp). I am trying to set a new timestamp through a pipeline, but the output format is “2018-12-06 09:55:05.573” instead of the expected “2018-12-06T09:55:05.573974”.
In Elasticsearch I made a custom mapping:
{
  "template": "app_*",
  "mappings": {
    "message": {
      "properties": {
        "timestamp": {
          "type": "date",
          "format": "yyyy-MM-dd HH:mm:ss.SSS||yyyy-MM-dd'T'HH:mm:ss.SSSSSS"
        }
      }
    }
  }
}
But this does not give the expected result.
P.S. English isn’t my native language.


(Jan Doberstein) #2

Graylog currently supports only SSS and not more granular timestamps.


(Vladimir) #3

Can I set the default sort to something other than the timestamp column?


(Jan Doberstein) #4

No, that is not possible (currently).

You might want to open a feature request for that: https://github.com/Graylog2/graylog2-server/issues


#5

As I see, you have the timestamp in the message, so you can put it in another field. After that you can use the ES API to query messages sorted by your timestamp.
OK, in this case you lose GL’s WUI, but if you really need the SSSSSS timestamp…

https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-sort.html
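
A sketch of the approach from the last post, added here as an example and not code from any participant in this thread: the microsecond timestamp is parsed out of the Ruby Logger line and kept as an integer in a separate field, so events that fall into the same millisecond still sort correctly. The field name `ts_micros`, the UTC assumption and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Ruby Logger layout from the first post:
#   I, [2018-12-06T09:55:05.573974 #9] INFO -- : message
LINE_RE = re.compile(
    r"^[A-Z], \[(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{6}) #(?P<pid>\d+)\]"
    r"\s+(?P<level>[A-Z]+)\s+\S+\s+:\s+(?P<msg>.*)$"
)
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def parse_line(line):
    """Return the event with both precisions, or None if the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # Assumption: the application logs in UTC.
    dt = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f").replace(tzinfo=timezone.utc)
    delta = dt - EPOCH
    micros = (delta.days * 86400 + delta.seconds) * 1_000_000 + delta.microseconds
    return {
        # Millisecond form, as shown in the first post's pipeline output.
        "timestamp": dt.strftime("%Y-%m-%d %H:%M:%S.") + f"{dt.microsecond // 1000:03d}",
        "ts_micros": micros,  # hypothetical extra field; an integer sorts exactly
        "level": m["level"],
        "message": m["msg"],
    }

def order_events(lines):
    """Parse lines, drop non-matching ones, order by the microsecond field."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return sorted(events, key=lambda e: e["ts_micros"])

def sort_body(field="ts_micros"):
    """Elasticsearch search body that sorts on the extra field instead of timestamp."""
    return {"query": {"match_all": {}}, "sort": [{field: {"order": "asc"}}]}

# Constructed sample: three events inside the same millisecond, received out of order.
SAMPLE = [
    "I, [2018-12-06T09:55:05.573974 #9] INFO -- : Processing by Api::V1::EventsController#index as JSON",
    "I, [2018-12-06T09:55:05.573120 #9] INFO -- : Started GET /api/v1/events",
    "D, [2018-12-06T09:55:05.573801 #9] DEBUG -- : Parameters loaded",
]

if __name__ == "__main__":
    for e in order_events(SAMPLE):
        print(e["timestamp"], e["ts_micros"], e["message"])
```

All three sample events share the millisecond value `2018-12-06 09:55:05.573`, so only the integer field preserves their order when reconstructing a timeline.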