Timestamp change pipeline

ncmfn · January 1, 2022, 12:24pm

Hi,

I want to change the time of my logs timestamp by reducing 3 hours from it timestamp.

rule "set timestamp"
when
  $message.source == "example.org"
then
  let new_timestamp = parse_date(to_string($message.timestamp), "yyyy-MM-dd HH:mm:ss");
  ***new_timestamp = new_timestamp-3;***
  set_field("timestamp", new_timestamp);
end

The starred line is not correct. How can I fix it?

gsmith · January 3, 2022, 11:57pm

Hello,

Have you seen this.

system · January 17, 2022, 11:58pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timestamp can't be replaced Graylog Central (peer support)	2	586	December 10, 2019
Pipeline. Timestamp dont change Graylog Central (peer support) pipeline-rules	3	548	June 8, 2021
Timestamp Replacement Issues (Ingestion timestamp vs log timestamp) Graylog Central (peer support) pipeline-rules , time-stamp-issuespl	3	2908	April 20, 2019
Pipeline parsing and setting correct timestamp Graylog Central (peer support) pipeline-rules	11	13324	July 20, 2017
Changing timestamp to servertime recieved Graylog Central (peer support) pipeline-rules , time-stamp-issuespl	9	7561	January 31, 2018

Timestamp change pipeline

Related topics