Hi @jan.
how are you?
thanks for replay.
garylog version: Graylog 3.2.4+a407287
Elasticsearch: elasticsearch-oss-6.8.6-1.noarch
my log is json format, direct send from app to kafka then graylog with Raw/Plaintext Kafka consume, I have json extractor and priority in graylog configuration is:
1) Message Filter Chain
2) Pipeline Processor
3) GeoIP Resolver
4) AWS Instance Name Lookup
message log is:
{"Timestamp":"2020-04-22T12:47:21.8003658+04:30","Level":"Information","MessageTemplate":"{HostingRequestFinishedLog:l}","RenderedMessage":"Request finished in 204.73940000000002ms 200 application/json; charset=utf-8","Properties":{"ElapsedMilliseconds":204.73940000000002,"StatusCode":200,"ContentType":"application/json; charset=utf-8","HostingRequestFinishedLog":"Request finished in 204.73940000000002ms 200 application/json; charset=utf-8","EventId":{"Id":2},"SourceContext":"Microsoft.AspNetCore.Hosting.Diagnostics","RequestId":"0HLV4D8POIDLO:00000001","RequestPath":"/web/api/","SpanId":"|6cce0a04-4ad0a3980437438d.","TraceId":"6cce0a04-4ad0a3980437438d","ParentId":"","ConnectionId":"0HLV4D8POIDLK","MachineName":"my_server","ThreadId":33,"Application":"My_app"},"Renderings":{"HostingRequestFinishedLog":[{"Format":"l","Rendering":"Request finished in 204.73940000000002ms 200 application/json; charset=utf-8"}]}}
Timestamp in message show with milisecond but when extractor apply, this is how it is displayed
timestamp
2020-04-22 12:47:27 +04:30
only in left side show timestamp with milisecond (Red box)
Even if, I used pipeline and store Timestamp in another field, but I don’t have milisecond. (Blue box).
The second problem is that the received logs are not arranged that the full is explained in this link.
thanks a lot 