Hej Drew, we have this feature issue in the pipeline repository: https://github.com/Graylog2/graylog-plugin-pipeline-processor/issues/91
the answer is - not yet but will be. with kind regards Jan 2016-11-14 16:11 GMT+01:00 Drew Miranda <[email protected]>: > Hi All, > Is it possible to do date comparisons in the pipeline rules "then" > section? I see we can do comparisons in the "WHEN" section. I can't seem to > find a way to do date diffing though. Also, arithmetic doesn't seem to work > either. Any ideas? > > The reason I'm interested in doing this is writing rules to trigger alerts > when two datetime values in the message are different by more than 5 > minutes. For example, the windows event log writes an event every time its > system time changes, almost always because of Active Directory [server] > time sync. It has a filed for old and new times. Differences of greater > than 300 seconds are super important to catch due to issues they can cause. > Currently i've had to export the messages in CSV and use excel to compute > this. > > Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/graylog2/f35a7b9d-509c-4742-b817-463703c7dc2e%40googlegroups.com > <https://groups.google.com/d/msgid/graylog2/f35a7b9d-509c-4742-b817-463703c7dc2e%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- | Voice: +49 173 7100308 | Text: [email protected] | http:// <http://about.me/jandoberstein>jalogis.ch/bio |--- | send from my extraordinary device -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAGm-bLZjCG%2BYRDvqUmVWvbYcA8fKnqfq22t_n4sj3NZZ7YV%3DmA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
