Hi Jochen, I did not create an extractor to parse the access logs. I have setup extractors on other inputs. How do I use the recognized date as the message timestamps?
On Tuesday, September 1, 2015 at 4:21:55 AM UTC-4, Jochen Schalanda wrote: > > Hi Kevin, > > did you create an extractor (e. g. a grok or a regex extractor) to parse > those access logs and use the recognized date as the message timestamp? If > so, how do those extractors look like? > > > Cheers, > Jochen > > On Tuesday, 1 September 2015 02:50:57 UTC+2, Kevin Johnson wrote: >> >> Hi Jochen, >> >> Below is a screen shot of some of the messages: >> >> >> >> I'm running the following script to send the log to the Graylog server. >> >> #!/bin/bash >> >> tail -F -q /u02/logs/php_error.log | >> >> while read -r line ; >> >> do echo 192.1681.1 $line | >> >> nc -w 1 -u 192.168.1.12 12409; >> >> done; >> >> >> On Monday, August 31, 2015 at 5:17:47 AM UTC-4, Jochen Schalanda wrote: >>> >>> Hi Kevin, >>> >>> could you please post some of the messages you send to Graylog and how >>> they are being parsed? >>> >>> >>> Cheers, >>> Jochen >>> >>> On Saturday, 29 August 2015 04:20:34 UTC+2, Kevin Johnson wrote: >>>> >>>> I set the root_timezone to EST, which all my servers are set to. >>>> Restarted Graylog. Once again there is a huge gap in time between the >>>> Graylog time stamp and the actual time of the logs. The time between them >>>> is well over 24 hrs. When creating alerts, I receive them while after the >>>> fact. Is there anything I tweak on the Graylog server to alleviate the >>>> huge >>>> gap in time? >>> >>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/f2a2885e-e7cb-4299-8af2-9bf7451e1bf1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
