UTC Timestamp recognition in GELF TCP Input

altink · 2018-12-13 20:39:58 UTC

Dear All

When I upload records by GELF TCP Input, I cannot make the Graylog event have the timestamp as it comes from my inputted data, but it gets set as the system current timestamp.

I have tried to set the timestamp field as below:
{“short_message”:“Hello 02”, “host”:“dataplus03”, “facility”:“test”, timestamp":“2018-12-09T21:55:06.021000000Z”, …}
and also:
{“short_message”:“Hello 02”, “host”:“dataplus03”, “facility”:“test”, “timestamp”:“2018-12-09 21:55:06.021Z”, …}

I tried the above according to:

quoted part:
“You usually want to have a proper (and correct) message timestamp, ideally ISO 8601 with date and time in UTC”

What timestamp format should I use to have the event’s timestamp set as my inputted UTC?
(and then displayed accordingly by Graylog)

The idea is to have my set-up format, independent of any Grok patterns like DATESTAMP_RFC… or TIMESTAMP_ISO8601, or others.

best regards,
Altin

altink · 2018-12-13 21:50:17 UTC

… and so is the:

{“short_message”:“Hello 02”, “host”:“dataplus03”, “facility”:“test”, “timestamp”:“2018-12-09T21:55:06.130”}

the 2018-12-09T21:55:06.130 being what said at the end of:
http://docs.graylog.org/en/2.4/pages/extractors.html
quoted:

" is using UTC as time zone by default unless you have time zone information"
“2014-03-12T12:27:00.000”

the 2nd being exactly what I am inputting.

altink · 2018-12-15 20:26:28 UTC

It does work if I put Unix Epoch seconds number instead of a formatted timestamp.

But I would like to know if is it possible to ingest by a “classic” yyy-mm-ddhh24… format

best regards
Altin

system · 2018-12-29 19:11:09 UTC

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.