Hi Jochen,

I installed the "Graylog collector sidecar" in a server node to send the 
tail of the log file to Graylog2 server in another machine.

In the UI of Graylog2 server, I created an Extractor (Grok pattern) to 
generate new fields such as log level, log message, and mytimestamp. The 
mytimestamp is by default a string type, so I create another Extractor 
(copy input) to create another field mytimestampDate. I also load the 
custom mapping so that mytimestampDate will be date type.

I tried to modify the field name mytimestampDate to timestamp, However, 
messages did not get through Graylog2 server, and the timestamp in Graylog2 
is still UTC time.

Is it not the right way to get the log messages into Graylog2 server?



On Thursday, October 13, 2016 at 10:34:29 AM UTC-4, Jochen Schalanda wrote:
> Hi Wayne,
> On Thursday, 13 October 2016 16:30:18 UTC+2, Wayne wrote:
>> I understand that the timestamp reflects the time that graylog imported 
>> the log messages, and not the timestamp associated with the application log 
>> message. For example, if I send a log file from my application server to 
>> graylog server, the timestamp of my application log message is a different 
>> field (when extracted) in graylog UI
> Graylog is only falling-back to the ingestion time if the message itself 
> doesn't include a timestamp or includes an invalid timestamp.
> For example if you're using a GELF input and the GELF messages contain a 
> valid timestamp field, that timestamp is being used as message timestamp 
> in Graylog.
> Is there a workaround?
> What exactly is the problem you're trying to solve? 
> Cheers,
> Jochen

You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to