Hello Guys,
Is it possible to replace the timestamp? Graylog creates a timestamp when
the logs are sent to Graylog, but I need to replace the timestamp with the date
inside the logs.
I'm using NXLog and here is my input:
<Input hadoop>
Module im_file
File 'E:\\Hadoop\\ParsedLogs\\*.*'
SavePos TRUE
# Capture groups: 1 = date, 2 = time, 3 = level, 4 = class, 5 = message
Exec if $raw_event =~ /^(\d+-\d+-\d+) (\d+:\d+:\d+),\d+ (INFO|ERROR|WARN) (org.apache.hadoop.\w+.\w+): (.*)/ \
{ \
$date = $1; \
$time = $2; \
$Timestamp = parsedate($date + " " + $time); \
$CStatus = $3; \
$Process = $4; \
$Process_result = $5; \
to_json(); \
} \
else \
{ \
drop(); \
}
</Input>
But now I have a field named Timestamp, and the histogram shows me the
timestamp when the log was put in Graylog. Maybe there is a way to replace the
timestamp in the histogram?
I attached an example of what I told you.
Thank you.
<https://lh3.googleusercontent.com/-Dw5YMEqKu28/VsSsy5ocbXI/AAAAAAAAGQA/Aq_DzAa1PEs/s1600/graylog.jpg>