[graylog2] Re: Searching by timestamp range
I ended up writing a MessageFilter plugin that intercepts the messages and explodes the "timestamp" field into parts:

    private void explodeDateField(String field, Message message) {
        if (message.hasField(field)) {
            Object fieldValue = message.getField(field);
            if (fieldValue != null) {
                try {
                    // try to interpret the field as a date
                    DateTime date = new DateTime(fieldValue);

                    // assuming we have a valid date here, add the parts back on the message
                    message.addField(field + "_dow", date.dayOfWeek().get());
                    message.addField(field + "_day_week", date.dayOfWeek().getAsText());
                    message.addField(field + "_day", date.dayOfMonth().get());
                    message.addField(field + "_day_year", date.dayOfYear().get());
                    message.addField(field + "_month", date.monthOfYear().get());
                    message.addField(field + "_year", date.year().get());
                    message.addField(field + "_hour", date.hourOfDay().get());
                    message.addField(field + "_minute", date.minuteOfHour().get());
                } catch (IllegalArgumentException e) {
                    // {} placeholder so the unparseable value actually appears in the log
                    log.debug("IllegalArgumentException thrown - Could not parse timestamp: {}", fieldValue);
                } catch (Exception e) {
                    log.error("Exception thrown: {}", e.getMessage());
                }
            }
        }
    }

So now I can do queries like:

    timestamp_day_week:(Sunday Saturday) OR (timestamp_day_week:(Monday Tuesday Wednesday Thursday Friday) AND (timestamp_hour:[17 TO 23] OR timestamp_hour:[0 TO 9]))

Which should find all events occurring outside of M-F 9am-5pm.

Not terribly pretty, but it works.

On Tuesday, October 20, 2015 at 10:39:49 AM UTC-6, Jesse Skrivseth wrote:
>
> Hello everyone,
>
> Is there a way to do a search for all records with a timestamp that is
> outside normal business hours? I can't seem to do ranges on timestamps,
> ignoring the date.
>
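The following is an added example, not part of the original post or of Graylog: it replays the posted query's logic over constructed events to show which ones it flags, including the inclusive range boundary and the effect of the time zone used to derive the fields. The UTC-6 offset (taken from the post's date header), the sample events and all function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: business hours are judged in UTC-6, the offset in the post's date header.
LOCAL = timezone(timedelta(hours=-6))
DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]


def explode(ts_iso, field="timestamp", tz=LOCAL):
    """Derive a subset of the plugin's fields from an ISO-8601 timestamp, in zone tz."""
    dt = datetime.fromisoformat(ts_iso).astimezone(tz)
    return {
        field + "_day_week": DAYS[dt.weekday()],
        field + "_hour": dt.hour,
        field + "_minute": dt.minute,
    }


def matches_query(fields, field="timestamp"):
    """Same logic as the posted query; [a TO b] ranges are inclusive at both ends."""
    day = fields[field + "_day_week"]
    hour = fields[field + "_hour"]
    if day in ("Saturday", "Sunday"):
        return True
    return 17 <= hour <= 23 or 0 <= hour <= 9


# Constructed sample events (not real log data); timestamps are stored in UTC.
SAMPLE = [
    {"id": "a", "timestamp": "2015-10-20T16:39:49+00:00"},  # Tue 10:39 in UTC-6
    {"id": "b", "timestamp": "2015-10-20T14:30:00+00:00"},  # Tue 08:30 in UTC-6
    {"id": "c", "timestamp": "2015-10-20T15:30:00+00:00"},  # Tue 09:30 in UTC-6
    {"id": "d", "timestamp": "2015-10-24T18:00:00+00:00"},  # Sat 12:00 in UTC-6
    {"id": "e", "timestamp": "2015-10-20T23:05:00+00:00"},  # Tue 17:05 in UTC-6
]


def off_hours_ids(events, tz=LOCAL):
    """Return the ids of events the query would flag when fields are derived in tz."""
    return [e["id"] for e in events if matches_query(explode(e["timestamp"], tz=tz))]


if __name__ == "__main__":
    print("fields in UTC-6:", off_hours_ids(SAMPLE))
    print("fields in UTC:  ", off_hours_ids(SAMPLE, tz=timezone.utc))
```

Event "c" (09:30) is flagged because hour 9 falls inside `[0 TO 9]`, and events "b" and "c" drop out when the fields are derived in UTC instead of the local offset.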