Hi Jason,

the xtimestamp field looks valid and should work if you put the value into the mandatory timestamp field of a GELF message. The message timestamp is interpreted as seconds since UNIX epoch (i.e. 1/1/1970 00:00:00 UTC), so maybe you're off by some hours due to the timezone offset being used at your place. This would cause messages to be indexed "in the past" or "in the future". Just expand the timeframe of your search by some hours and check if you find the messages there.

Cheers,
Jochen

On Monday, 27 July 2015 06:09:55 UTC+2, Jason Haar wrote:
> Hi there
>
> I'm trying to feed data from files in via GELF over UDP and hit a wall. The following sample code works fine (note "xtimestamp")
>
> echo '{"version": "1.1","host": "example.org","xtimestamp": 1437290906.000,"short_message": "A3 short message that helps you identify what is going on","full_message": "Backtrace here\n\nmore stuff","level": 1,"_user_id": 9001,"_some_info": "foo","_some_env_var": "bar"}' | nc -w 1 -u localhost 12201
>
> ...but if I change "xtimestamp" to "timestamp" - no record shows up in graylog at all! I have tried "1437290906.000" as well as "1437290906" - and put it in quotes and without. It seems to me like GELF rejects messages that contain a timestamp?
>
> That can't be right? Thanks
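
The timezone pitfall described in the reply above, as an added example that is not part of the original thread: it converts a local wall-clock time to UNIX epoch seconds with and without the UTC offset, measures the resulting skew, and builds a GELF 1.1 payload for UDP port 12201. The function names, the sample local time and the UTC+12 offset are constructed for illustration.

```python
import json
import socket
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%d %H:%M:%S"

def to_epoch(local_str, utc_offset_hours):
    """Correct: attach the real UTC offset before converting to epoch seconds."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return datetime.strptime(local_str, FMT).replace(tzinfo=tz).timestamp()

def local_as_utc(local_str):
    """The mistake: treat local wall-clock time as if it were already UTC."""
    return datetime.strptime(local_str, FMT).replace(tzinfo=timezone.utc).timestamp()

def skew_hours(epoch, now):
    """Hours between the message timestamp and 'now' (positive = in the future)."""
    return (epoch - now) / 3600.0

def build_gelf(host, short_message, epoch, level=1, extra=None):
    """Serialise a GELF 1.1 payload; additional fields get the '_' prefix."""
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": round(epoch, 3), "level": level}
    for key, value in (extra or {}).items():
        msg["_" + key.lstrip("_")] = value
    return json.dumps(msg).encode("utf-8")

def send_udp(payload, addr=("localhost", 12201)):
    """Send one uncompressed, unchunked GELF datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, addr)

if __name__ == "__main__":
    local = "2015-07-19 19:28:26"          # constructed local log time
    good = to_epoch(local, 12)             # constructed offset: UTC+12
    bad = local_as_utc(local)
    print("correct epoch:", good, "wrong epoch:", bad)
    print("wrong value is %.1f h in the future" % skew_hours(bad, good))
    send_udp(build_gelf("example.org", "timestamp test", good,
                        extra={"user_id": 9001}))
```

A message sent with the wrong value lands 12 hours outside a "last 5 minutes" search window, which matches the symptom of records that appear to be missing.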