Hej Drew, we have this feature issue in the pipeline repository: https://github.com/Graylog2/graylog-plugin-pipeline-processor/issues/91
the answer is - not yet but will be. with kind regards Jan 2016-11-14 16:11 GMT+01:00 Drew Miranda <gee...@gmail.com>: > Hi All, > Is it possible to do date comparisons in the pipeline rules "then" > section? I see we can do comparisons in the "WHEN" section. I can't seem to > find a way to do date diffing though. Also, arithmetic doesn't seem to work > either. Any ideas? > > The reason I'm interested in doing this is writing rules to trigger alerts > when two datetime values in the message are different by more than 5 > minutes. For example, the windows event log writes an event every time its > system time changes, almost always because of Active Directory [server] > time sync. It has a filed for old and new times. Differences of greater > than 300 seconds are super important to catch due to issues they can cause. > Currently i've had to export the messages in CSV and use excel to compute > this. > > Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to graylog2+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/graylog2/f35a7b9d-509c-4742-b817-463703c7dc2e%40googlegroups.com > <https://groups.google.com/d/msgid/graylog2/f35a7b9d-509c-4742-b817-463703c7dc2e%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- | Voice: +49 173 7100308 | Text: j...@jalogisch.de | http:// <http://about.me/jandoberstein>jalogis.ch/bio |--- | send from my extraordinary device -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAGm-bLZjCG%2BYRDvqUmVWvbYcA8fKnqfq22t_n4sj3NZZ7YV%3DmA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
