Hello everyone, I actually have a simple need, but it seems to be more difficult to get in place... That's why I need you :D

I'm sending my Windows server logs via NXLog (GELF format) and my Linux-based OS logs via rsyslog. The goal is, in a few words, to check if there are log-on and log-off times outside a defined time range (for example 6h to 22h). But I don't know how to do that...

I tried to apply a filter to my search regarding the timestamp, but I don't understand how I get this kind of timestamp: 2016-11-02T12:27:35.553Z. It is automatically translated into "YMDH" by the Graylog system, but I can't apply filters on that field like this, because I don't get exactly how it works. I was thinking about a syntax like this in the Graylog search query:

timestamp:2016-11-02T13:51:04.659Z TO 2016-12-02T13:51:04.659Z

But the "TO" does not exist, and for sure I don't even know how to apply this range, and how to define it from the timestamp.

From a GELF Windows log, I also have the "EventReceivedTime" field, more comprehensible to my human eyes: EventReceivedTime 2016-10-21 15:50:33. But this field is not present in my syslog logs. That's why I wanted to work on the timestamp instead of the EventReceivedTime.

If you have any idea how to define this time range, feel free to share :D Thank you!

Sébastien
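As an added example (not from the original post, nor Graylog's or NXLog's own code), here is how the off-hours log-on/log-off check can be done on records carrying Graylog's UTC "timestamp" field in the format shown above, plus a helper that builds the absolute range query Graylog actually accepts. The site time zone (UTC+1), the sample events and the "user"/"action" field names are assumptions for illustration.

```python
from datetime import datetime, timezone, timedelta

# Constructed sample records in the shape Graylog stores them: "timestamp" is
# always UTC, ISO 8601 with a trailing "Z", whether the message arrived as GELF
# from NXLog or as syslog from rsyslog. "user"/"action" are assumed fields.
SAMPLE_EVENTS = [
    {"timestamp": "2016-11-02T12:27:35.553Z", "source": "winsrv01", "user": "alice", "action": "logon"},
    {"timestamp": "2016-11-02T21:30:00.000Z", "source": "winsrv01", "user": "bob", "action": "logoff"},
    {"timestamp": "2016-11-03T03:15:09.120Z", "source": "lnx01", "user": "carol", "action": "logon"},
    {"timestamp": "2016-11-03T08:00:00.000Z", "source": "lnx01", "user": "carol", "action": "logoff"},
]

# Site time zone (assumed UTC+1, CET in November) and the permitted window.
LOCAL_TZ = timezone(timedelta(hours=1))
WINDOW_START_HOUR = 6   # inclusive: 06:00 local
WINDOW_END_HOUR = 22    # exclusive: 22:00 local and later is "outside"


def parse_graylog_timestamp(ts: str) -> datetime:
    """Parse Graylog's UTC timestamp string into a timezone-aware datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def is_outside_window(ts: str, local_tz=LOCAL_TZ,
                      start_hour=WINDOW_START_HOUR, end_hour=WINDOW_END_HOUR) -> bool:
    """True if the event's *local* hour falls outside [start_hour, end_hour)."""
    # Convert first: 21:30Z looks like business hours in UTC but is 22:30 CET,
    # so testing the raw UTC hour would miss it.
    local_hour = parse_graylog_timestamp(ts).astimezone(local_tz).hour
    return not (start_hour <= local_hour < end_hour)


def find_off_hours_events(events, local_tz=LOCAL_TZ):
    """Return (local time, source, user, action) for every event outside the window."""
    hits = []
    for ev in events:
        if is_outside_window(ev["timestamp"], local_tz):
            local = parse_graylog_timestamp(ev["timestamp"]).astimezone(local_tz)
            hits.append((local.strftime("%Y-%m-%d %H:%M"), ev["source"], ev["user"], ev["action"]))
    return hits


def graylog_range_query(start_utc: datetime, end_utc: datetime) -> str:
    """Build a Graylog (Lucene) range query over the timestamp field.
    Graylog wants quoted "YYYY-MM-DD HH:MM:SS.mmm" values and compares in UTC."""
    fmt = "%Y-%m-%d %H:%M:%S.%f"
    s = start_utc.astimezone(timezone.utc).strftime(fmt)[:-3]  # trim to milliseconds
    e = end_utc.astimezone(timezone.utc).strftime(fmt)[:-3]
    return f'timestamp:["{s}" TO "{e}"]'
```

Running `find_off_hours_events(SAMPLE_EVENTS)` flags the 21:30Z logoff (22:30 local) and the 03:15Z logon; comparing the raw UTC hour instead would have let the first one through.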