UTC Timestamp recognition in GELF TCP Input

Dear All

When I upload records by GELF TCP Input, I cannot make the Graylog event have the timestamp as it comes from my inputted data, but it gets set as the system current timestamp.

I have tried to set the timestamp field as below:
{“short_message”:“Hello 02”, “host”:“dataplus03”, “facility”:“test”, timestamp":“2018-12-09T21:55:06.021000000Z”, …}
and also:
{“short_message”:“Hello 02”, “host”:“dataplus03”, “facility”:“test”, “timestamp”:“2018-12-09 21:55:06.021Z”, …}

I tried the above according to:

quoted part:
“You usually want to have a proper (and correct) message timestamp, ideally ISO 8601 with date and time in UTC”

What timestamp format should I use to have the event’s timestamp set as my inputted UTC?
(and then displayed accordingly by Graylog)

The idea is to have my set-up format, independent of any Grok patterns like DATESTAMP_RFC… or TIMESTAMP_ISO8601, or others.

best regards,
Altin

… and so is the:

{“short_message”:“Hello 02”, “host”:“dataplus03”, “facility”:“test”, “timestamp”:“2018-12-09T21:55:06.130”}

the 2018-12-09T21:55:06.130 being what said at the end of:
http://docs.graylog.org/en/2.4/pages/extractors.html
quoted:

1. " is using UTC as time zone by default unless you have time zone information"
2. “2014-03-12T12:27:00.000”

the 2nd being exactly what I am inputting.

It does work if I put Unix Epoch seconds number instead of a formatted timestamp.

But I would like to know if is it possible to ingest by a “classic” yyy-mm-ddhh24… format

best regards
Altin

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.