[graylog2] standard date converter failes with MapperParsingException[failed to parse [timestamp]];

[Francis Antonietti]

I want to use the application log entry timestamp as timestamp in graylog.


The application log is written with log4j whit a ConversionPattern 

log4j.appender.LOGFILE.layout.ConversionPattern=%d{ISO8601} [%t] [%X{SID}] 
[%X{USERID}:%X{USERNAME}:%X{TYPE}] %p %c - %m%n

this results in a line like 


2015-09-04 12:01:15,640 [http-nio-127.0.0.1-9001-exec-4] [1:admin:REGULAR] INFO 
com. ....



here the collector conf:

server-url = "http://localhost:12900";

enable-registration = true

collector-id = "file:config/collector-id"

        inputs {
                sampleLog {
                type = "file"
                path = "D:/sandbox/graylog/logs/mylog.log"
                content-splitter="PATTERN"
                
content-splitter-pattern="^\\d{4}-\\d{1,2}-\\d{1,2}\\s\\d{1,2}:\\d{1,2}:\\d{1,2},\\d{3}"
                 message-fields = {
                        "tag" = "ch.ti8m.sample.test"
                        "env" = "dev"
    }
  }
}


on graylog i run an extractor:



Configuration:
   
   - regex_value: (^\d{4}-\d{1,2}-\d{1,2}\s\d{1,2}:\d{1,2}:\d{1,2},\d{3}?)

Converters
   
   - date
      - date_format: yyyy-MM-dd HH:mm:ss,SSS
      - time_zone: Europe/Berlin
   


This setup fails with:

MapperParsingException[failed to parse [timestamp]]; nested: 
MapperParsingException[failed to parse date field [2015-09-04 11:59:15,640], 
tried both date format [yyyy-MM-dd HH:mm:ss.SSS], and timestamp number with 
locale []]; nested: IllegalArgumentException[Invalid format: "2015-09-04 
11:59:15,640" is malformed at ",640"];


*I am aware that the tried date format has a dot and not a colon, but the 
extractor details does show the colon.*



I can get it working if I change everywhere from colon to a dot but this means 
I have to adjust the conversion pattern in the log4j config.


Can someone explain me why this is not working with the colon?


Thx,

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/4b597e59-a764-428f-b3be-0aeef3c0e916%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.