Timestamp can't be replaced

chenglin · November 25, 2019, 3:39pm

when I want to use pipeline to change the original one, then I can’t receive my logs.

rule “change_timezone”
when
has_field(“timestamp”)
then
let result = regex(“^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3})”, to_string($message.timestamp));
let ori_date = parse_date(to_string(result[“0”]), “yyyy-MM-dd’T’HH:mm:ss.SSS”);
let now_date = parse_date(to_string(result[“0”]), “yyyy-MM-dd’T’HH:mm:ss.SSS”, “en_US”, “Asia/Qatar”);
set_field(“ori_date”, ori_date);
set_field(“timestamp”, now_date);
end

If I write like this, I won’t see any new logs in my dashboard any more.
If I change the field timestamp to another new field. For example like set_field(“new_date”, new_date);
I can see the new logs, but the timestamp can’t be changed.

chenglin · November 26, 2019, 8:53am

Today I logged in to my graylog server again, and everything worked just fine.
It’s so weird, I really tried a lot of times yesterday.

system · December 10, 2019, 8:53am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timestamp change pipeline Graylog Central (peer support)	2	1133	January 17, 2022
Set timestamp with pipeline Graylog Central (peer support)	4	4149	July 27, 2017
Pipeline. Timestamp dont change Graylog Central (peer support) pipeline-rules	3	547	June 8, 2021
Change the timestamp format from yyyy-MM-dd HH:mm:ss.SSS Z to yyyy/MM/dd HH:mm:ss.SSS Z with pipeline rule Graylog Central (peer support) pipeline-rules	12	2154	January 27, 2023
Pipeline rule not working parse_date Graylog Central (peer support) pipeline-rules , debuggingpl	4	3246	October 3, 2018

Timestamp can't be replaced

Related Topics