Hi Al, On Wednesday, 8 February 2017 15:11:34 UTC+1, Al Reynolds wrote: > > I was under the impression that using the "parse_date" function would > create a Date object? >
It does, see http://docs.graylog.org/en/2.1/pages/pipelines/functions.html#parse-date for reference. But your date pattern may be wrong (see http://www.joda.org/joda-time/apidocs/org/joda/time/format/DateTimeFormat.html for reference). Please share some example messages, so that we can validate your rule. > As for "$timestamp" instead of "timestamp", I was trying different > configurations, and thought that since the message field is referenced as > "$message" I would try that format. What does the "$" indicate? > The $ character is simply part of the variable name containing the current message (which is "$message"). It doesn't have a special meaning. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/acd02ab0-564b-46cc-bab8-627170b05489%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
