Did you try changing the field name to lowercase "timestamp"?
On Wednesday, February 17, 2016 at 12:26:23 PM UTC-5, Juan Andres Ramirez wrote:
>
> Hello Guys,
> Is it possible to replace the Timestamp? Graylog creates a timestamp when
> the logs are sent to Graylog, but I need to replace the timestamp with the
> date inside the logs.
> I'm using Nxlog and here is my input:
>
> <Input hadoop>
>     Module  im_file
>     File    'E:\\Hadoop\\ParsedLogs\\*.*'
>     SavePos TRUE
>     # Capture groups: $1 date, $2 time, $3 level, $4 process, $5 message
>     Exec if $raw_event =~ /^(\d+-\d+-\d+) (\d+:\d+:\d+),\d+ (INFO|ERROR|WARN) (org.apache.hadoop.\w+.\w+): (.*)/ \
>          { \
>              $date = $1; \
>              $time = $2; \
>              $Timestamp = parsedate($date + " " + $time); \
>              $CStatus = $3; \
>              $Process = $4; \
>              $Process_result = $5; \
>              to_json(); \
>          } \
>          else \
>          { \
>              drop(); \
>          }
> </Input>
>
>
> But now I have a field named Timestamp, and the Histogram shows me the
> Timestamp when the log was put in the Graylog. Maybe there is a way to
> replace the Timestamp in the Histogram?
>
>
> I attached an example of what I told you.
> Thank you.
>
>
> <https://lh3.googleusercontent.com/-Dw5YMEqKu28/VsSsy5ocbXI/AAAAAAAAGQA/Aq_DzAa1PEs/s1600/graylog.jpg>
>