In case this helps, I do this with the following extractor which you
should be able to import
{
  "extractors": [
    {
      "title": "Extract timestamp from log message",
      "extractor_type": "regex",
      "converters": [
        {
          "type": "flexdate",
          "config": {
            "time_zone": "Australia/Brisbane"
          }
        }
      ],
      "order": 0,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "timestamp",
      "extractor_config": {
        "regex_value": "^\\[([^\\]]+)"
      },
      "condition_type": "regex",
      "condition_value": "^\\[([^\\]]+)"
    }
  ],
  "version": "2.1.0-SNAPSHOT"
}
You may have to adjust the regex patterns to extract the right part from
your message
Cheers,
Michael
On Saturday, 10 September 2016 00:21:12 UTC+10, [email protected] wrote:
>
> Hello There,
>
>
> Concerning log ingestion time stamps, we notice that the log entry
> timestamp and the event time stamp don't quite match. At this point
> it really only seems to be off by a few milliseconds. I'm assuming that the
> log time stamp is the time the log was ingested into graylog (we used nxlog
> with collector-sidecar). Just wanted to check in to see if there is
> something in our configuration we could have done differently to tighten up
> the difference?
>
>
>
> <https://lh3.googleusercontent.com/-lT1HPSRlwu4/V9LE0jeSEfI/AAAAAAAAAAM/fwhUk0-BQk4vFbZ9VcQt3Vu_LG4mDGjKwCLcB/s1600/Graylogtimestamp.png>
>
>
>
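
Added example (not part of the messages above and not Graylog code): an offline Python check of what the extractor's regex_value / condition_value pattern captures from a message before the extractor is imported. The sample messages, the single timestamp layout standing in for the more lenient flexdate converter, and the fixed UTC+10 offset standing in for Australia/Brisbane are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# regex_value / condition_value from the extractor, after JSON unescaping.
EXTRACTOR_REGEX = r"^\[([^\]]+)"

# Assumption: Australia/Brisbane is UTC+10 all year (no daylight saving),
# so a fixed offset stands in for the "time_zone" converter setting.
BRISBANE = timezone(timedelta(hours=10))

# Assumption: layout of the constructed samples below. The flexdate
# converter accepts many layouts; this stand-in accepts only this one.
ASSUMED_FORMAT = "%Y-%m-%d %H:%M:%S.%f"

# Constructed sample messages, not taken from the thread.
SAMPLES = [
    "[2016-09-10 00:21:12.345] Connection accepted from 10.0.0.5",
    "[ERROR] worker crashed",
    "no leading bracket here",
]


def check_message(message):
    """Return (status, value) for one message.

    "skipped":  the condition regex does not match, the extractor would not run
    "unparsed": the regex matched, but the capture is not a timestamp
    "ok":       the capture parsed; value is the event time in UTC
    """
    match = re.search(EXTRACTOR_REGEX, message)
    if match is None:
        return ("skipped", None)
    captured = match.group(1)
    try:
        local = datetime.strptime(captured, ASSUMED_FORMAT)
    except ValueError:
        # The condition only tests for a leading "[...", so messages such
        # as "[ERROR] ..." reach the converter with a non-date capture.
        return ("unparsed", captured)
    return ("ok", local.replace(tzinfo=BRISBANE).astimezone(timezone.utc))


if __name__ == "__main__":
    for sample in SAMPLES:
        status, value = check_message(sample)
        print(f"{status:9} {value!s:35} <- {sample}")
```

Messages reported as "unparsed" are the ones where the pattern needs tightening so that the condition only matches a real timestamp.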
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/74e424b1-29ce-4e37-80b0-0928b43ed577%40googlegroups.com.