Hello everyone, I actually have a simple need, but it seems to be more difficult to get in place... That's why I need you :D
I'm sending my Windows server logs via NXLog (GELF format) and my Linux-based OS logs via Rsyslog. The goal is, in a few words, to check whether there are log-on and log-off times outside a defined window (for example 6h to 22h). But I don't know how to do that...

I tried to apply a filter to my search based on the timestamp, but I don't understand how I get this kind of timestamp: 2016-11-02T12:27:35.553Z. It is automatically translated into "YMDH" by the Graylog system, but I can't apply filters on that field like this, because I don't get exactly how it works.

I was thinking about a syntax like this in the Graylog search query:

timestamp:2016-11-02T13:51:04.659Z TO 2016-12-02T13:51:04.659Z

But the "TO" does not exist, and for sure I don't even know how to apply this range, or how to define it from the timestamp.

From a GELF Windows log, I also have the "EventReceivedTime" field, more comprehensible to my human eyes:

EventReceivedTime 2016-10-21 15:50:33

But this field is not present in my syslog logs. That's why I wanted to work on the timestamp instead of the EventReceivedTime.

If you have any idea how to define this time range, feel free to share :D

Thank you!

Sébastien

-- 
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/99943073-4bcb-4218-8bc2-3c3272118a9d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
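The check Sébastien describes (log-on and log-off events landing outside a 06:00 to 22:00 window) can be done outside the search bar, on messages pulled from Graylog, once the two timestamp formats in the post are parsed into time-zone-aware values. The script below is an added example, not code from the original post or from the Graylog, NXLog or Rsyslog projects. It assumes: the Graylog `timestamp` field is UTC in the `2016-11-02T12:27:35.553Z` form shown above; NXLog's `EventReceivedTime` is naive local time; the site time zone is a fixed UTC+1 offset (constructed so the example runs offline; use `zoneinfo.ZoneInfo("Europe/Paris")` in practice so DST is handled); and the GELF field names `_EventID` and `_TargetUserName` and the `source` field are assumptions about how the Windows events arrive. The sample messages are constructed.

```python
from __future__ import annotations

import re
from datetime import datetime, time, timedelta, timezone

# Assumed site time zone: a fixed offset so the example runs offline.
# In production use zoneinfo.ZoneInfo("Europe/Paris") so DST is handled.
LOCAL_TZ = timezone(timedelta(hours=1), name="UTC+01:00")

# Allowed window in local wall-clock time: [06:00, 22:00). Everything else is flagged.
WINDOW_START = time(6, 0)
WINDOW_END = time(22, 0)

# Windows Security log event IDs: 4624 = successful logon, 4634 = logoff.
WINDOWS_LOGON_IDS = {4624: "logon", 4634: "logoff"}

# OpenSSH and pam_unix message texts as forwarded by rsyslog.
SSH_LOGON_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from")
PAM_LOGOFF_RE = re.compile(r"session closed for user (?P<user>\S+)")


def parse_timestamp(value: str) -> datetime:
    """Return an aware datetime for the two formats seen in the thread.

    "2016-11-02T12:27:35.553Z"  Graylog's timestamp field, always UTC.
    "2016-10-21 15:50:33"       NXLog EventReceivedTime, no zone; assumed LOCAL_TZ.
    """
    if value.endswith("Z"):
        fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
        return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S").replace(tzinfo=LOCAL_TZ)


def outside_window(moment: datetime) -> bool:
    """True when the event's local wall-clock time is outside [WINDOW_START, WINDOW_END)."""
    local = moment.astimezone(LOCAL_TZ).time()
    return local < WINDOW_START or local >= WINDOW_END


def classify(event: dict) -> tuple[str, str] | None:
    """Return (kind, user) for logon/logoff events, None for anything else.

    Field names are assumptions: Windows events are modelled with "_EventID" and
    "_TargetUserName" GELF fields; rsyslog events are matched on message text.
    """
    event_id = event.get("_EventID")
    if event_id in WINDOWS_LOGON_IDS:
        return WINDOWS_LOGON_IDS[event_id], event.get("_TargetUserName", "?")
    message = event.get("message", "")
    m = SSH_LOGON_RE.search(message)
    if m:
        return "logon", m.group("user")
    m = PAM_LOGOFF_RE.search(message)
    if m:
        return "logoff", m.group("user")
    return None


def find_out_of_hours(events: list[dict]) -> list[dict]:
    """Flag every logon/logoff event whose local time falls outside the window."""
    findings = []
    for ev in events:
        kind_user = classify(ev)
        if kind_user is None:
            continue
        # Prefer Graylog's UTC timestamp; fall back to NXLog's EventReceivedTime.
        moment = parse_timestamp(ev.get("timestamp") or ev["EventReceivedTime"])
        if outside_window(moment):
            kind, user = kind_user
            findings.append({"source": ev["source"], "user": user, "kind": kind,
                             "local_time": moment.astimezone(LOCAL_TZ).isoformat()})
    return findings


# Constructed sample messages (not real log data). Local time is UTC+1 here.
SAMPLE_EVENTS = [
    # 12:27 UTC = 13:27 local -> inside the window
    {"source": "win-dc01", "timestamp": "2016-11-02T12:27:35.553Z",
     "message": "An account was successfully logged on.", "_EventID": 4624, "_TargetUserName": "alice"},
    # 22:45 UTC = 23:45 local -> outside
    {"source": "win-dc01", "timestamp": "2016-11-03T22:45:10.000Z",
     "message": "An account was successfully logged on.", "_EventID": 4624, "_TargetUserName": "svc-backup"},
    # 04:30 UTC = 05:30 local -> outside (logoff)
    {"source": "win-fs02", "timestamp": "2016-11-04T04:30:00.000Z",
     "message": "An account was logged off.", "_EventID": 4634, "_TargetUserName": "bob"},
    # 21:00 UTC = 22:00 local -> on the closing boundary, outside because the window is half-open
    {"source": "lnx-web01", "timestamp": "2016-11-04T21:00:00.000Z",
     "message": "Accepted publickey for bob from 10.0.0.7 port 51022 ssh2"},
    # 08:15 UTC = 09:15 local -> inside
    {"source": "lnx-web01", "timestamp": "2016-11-04T08:15:02.117Z",
     "message": "pam_unix(sshd:session): session closed for user bob"},
    # Not a logon event -> ignored whatever the time
    {"source": "lnx-web01", "timestamp": "2016-11-04T02:00:00.000Z",
     "message": "CRON[4412]: (root) CMD (run-parts /etc/cron.hourly)"},
    # Only EventReceivedTime present, naive local 23:50 -> outside
    {"source": "win-dc01", "EventReceivedTime": "2016-10-21 23:50:33",
     "message": "An account was successfully logged on.", "_EventID": 4624, "_TargetUserName": "alice"},
]

if __name__ == "__main__":
    for finding in find_out_of_hours(SAMPLE_EVENTS):
        print(f"{finding['local_time']}  {finding['source']:<10} {finding['kind']:<6} {finding['user']}")
```

The half-open window matters: an event at exactly 22:00:00 local is flagged, one at exactly 06:00:00 is not, so the boundaries are unambiguous when the rule is written down. Keeping the comparison in local time rather than UTC is the point of the `astimezone` call; a 06:00 to 22:00 rule applied to the raw `Z` timestamp would be off by the site's UTC offset and would shift again at DST changes.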
