Hi Jochen,
I have tried your extractor, and it looks like it almost worked, except
that the timestamp seems to use UTC, instead of my local time zone.
So the timestamp in my case (Toronto) is 4 hours ahead of the timestamp in
the application log.
What is the timezone that I should use? It seems that the Toronto in the
dropdown did not work.
Thanks,
Wayne
On Friday, October 14, 2016 at 12:32:44 PM UTC-4, Jochen Schalanda wrote:
>
> Hi Wayne,
>
> the following extractor is working for me without problem:
>
> {
> "extractors": [
> {
> "title": "Timestamp",
> "extractor_type": "regex",
> "converters": [
> {
> "type": "date",
> "config": {
> "date_format": "yyyy-MM-dd HH:mm:ss,SSS",
> "time_zone": "Etc/GMT+2"
> }
> }
> ],
> "order": 0,
> "cursor_strategy": "copy",
> "source_field": "message",
> "target_field": "timestamp",
> "extractor_config": {
> "regex_value": "^([0-9]{4}-[0-9]{2}-[0-9]{2}
> [0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{3})"
> },
> "condition_type": "none",
> "condition_value": ""
> }
> ],
> "version": "2.1.1"
> }
>
>
> Cheers,
> Jochen
>
> On Thursday, 13 October 2016 18:41:13 UTC+2, Wayne wrote:
>>
>> Hi Jochen,
>>
>> Just to add a bit more detail:
>>
>> The timestamp in my server log is of the following pattern:
>>
>> 2016-10-13 12:37:00,022
>>
>> I was not able to configure an extractor to extract it as a date type
>> with the pattern like
>> yyyy-MM-dd HH:mm:ss,SSS
>>
>> Note: I was creating an Extractor with type of Grok pattern
>>
>>
>> Thanks,
>>
>> Wayne
>>
>>
>> On Thursday, October 13, 2016 at 10:34:29 AM UTC-4, Jochen Schalanda
>> wrote:
>>>
>>> Hi Wayne,
>>>
>>> On Thursday, 13 October 2016 16:30:18 UTC+2, Wayne wrote:
>>>>
>>>> I understand that the timestamp reflects the time that graylog imported
>>>> the log messages, and not the timestamp associated with the application
>>>> log
>>>> message. For example, if I send a log file from my application server to
>>>> graylog server, the timestamp of my application log message is a different
>>>> field (when extracted) in graylog UI
>>>>
>>>
>>> Graylog is only falling-back to the ingestion time if the message itself
>>> doesn't include a timestamp or includes an invalid timestamp.
>>>
>>> For example if you're using a GELF input and the GELF messages contain a
>>> valid timestamp field, that timestamp is being used as message
>>> timestamp in Graylog.
>>>
>>>
>>> Is there a workaround?
>>>>
>>>
>>> What exactly is the problem you're trying to solve?
>>>
>>> Cheers,
>>> Jochen
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/a5a09f04-feff-4657-8cbb-f266abf24a77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
