Hi Wayne,
the following extractor is working for me without problem:
{
"extractors": [
{
"title": "Timestamp",
"extractor_type": "regex",
"converters": [
{
"type": "date",
"config": {
"date_format": "yyyy-MM-dd HH:mm:ss,SSS",
"time_zone": "Etc/GMT+2"
}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "timestamp",
"extractor_config": {
"regex_value": "^([0-9]{4}-[0-9]{2}-[0-9]{2}
[0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{3})"
},
"condition_type": "none",
"condition_value": ""
}
],
"version": "2.1.1"
}
Cheers,
Jochen
On Thursday, 13 October 2016 18:41:13 UTC+2, Wayne wrote:
>
> Hi Jochen,
>
> Just to add a bit more detail:
>
> The timestamp in my server log is of the following pattern:
>
> 2016-10-13 12:37:00,022
>
> I was not able to configure an extractor to extract it as a date type with
> the pattern like
> yyyy-MM-dd HH:mm:ss,SSS
>
> Note: I was creating an Extractor with type of Grok pattern
>
>
> Thanks,
>
> Wayne
>
>
> On Thursday, October 13, 2016 at 10:34:29 AM UTC-4, Jochen Schalanda wrote:
>>
>> Hi Wayne,
>>
>> On Thursday, 13 October 2016 16:30:18 UTC+2, Wayne wrote:
>>>
>>> I understand that the timestamp reflects the time that graylog imported
>>> the log messages, and not the timestamp associated with the application log
>>> message. For example, if I send a log file from my application server to
>>> graylog server, the timestamp of my application log message is a different
>>> field (when extracted) in graylog UI
>>>
>>
>> Graylog is only falling-back to the ingestion time if the message itself
>> doesn't include a timestamp or includes an invalid timestamp.
>>
>> For example if you're using a GELF input and the GELF messages contain a
>> valid timestamp field, that timestamp is being used as message timestamp
>> in Graylog.
>>
>>
>> Is there a workaround?
>>>
>>
>> What exactly is the problem you're trying to solve?
>>
>> Cheers,
>> Jochen
>>
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/f66f3f79-265e-40d9-b8f1-a283ba1f2b96%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.