Hi Alex, the Graylog Collector file input basically just reads in text files and sends them line-by-line to Graylog. It doesn't parse those lines in any way. If you want to use the original timestamp of the log messages in your file(s) as message timestamp in Graylog, you'll have to add one or more extractors to the GELF TCP input which parses the message and extracts the correct timestamp.
Cheers, Jochen On Tuesday, 1 December 2015 17:20:02 UTC+1, Alex B. wrote: > > Hello, using graylog 1.2.2 and collector 0.4.1, there is a big difference > between graylog timestamp and log file timestamp. > > A line in a logfile with a 17:11:34,887 timestamp can have a 17:11:53.328 > timestamp in graylog, which is a 20 seconds difference ! > > I'm currently testing collector to replace nxlog, don't have this problem > with nxlog as you can apply parsedate on date field and send it as event > time. > > Ty > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/69108a19-ecf8-4be5-8f64-693add61b35e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
