Thanks!

On Tuesday, November 15, 2016 at 3:25:15 AM UTC-6, Jan Doberstein wrote:
>
> Hej Drew,
>
> we have this feature issue in the pipeline repository:
> https://github.com/Graylog2/graylog-plugin-pipeline-processor/issues/91
>
> the answer is - not yet but will be.
>
> with kind regards
> Jan
>
> 2016-11-14 16:11 GMT+01:00 Drew Miranda <[email protected]>:
>
>> Hi All,
>> Is it possible to do date comparisons in the pipeline rules "then"
>> section? I see we can do comparisons in the "WHEN" section. I can't seem to
>> find a way to do date diffing though. Also, arithmetic doesn't seem to work
>> either. Any ideas?
>>
>> The reason I'm interested in doing this is writing rules to trigger
>> alerts when two datetime values in the message are different by more than 5
>> minutes. For example, the Windows event log writes an event every time its
>> system time changes, almost always because of Active Directory [server]
>> time sync. It has a field for old and new times. Differences of greater
>> than 300 seconds are super important to catch due to issues they can cause.
>> Currently I've had to export the messages in CSV and use Excel to compute
>> this.
>>
>> Thanks!
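The CSV step described in the thread can be scripted instead of done in Excel. The following is an added example, not part of the original messages and not Graylog code; the column names `source`, `previous_time` and `new_time` and the sample rows are assumptions constructed for illustration. It flags any event whose old and new system times differ by more than 300 seconds in either direction and reports rows it could not parse.

```python
import csv
import io
import re
from datetime import datetime, timedelta, timezone

# Constructed sample export; column names are assumptions, not Graylog field names.
SAMPLE_CSV = """source,previous_time,new_time
dc01,2016-11-14T15:10:58.1234567Z,2016-11-14T15:11:02.0000000Z
ws17,2016-11-14T15:11:02.5000000Z,2016-11-14T15:21:40.0000000Z
ws22,2016-11-14T16:00:00.0000000Z,2016-11-14T15:52:30.0000000Z
ws30,2016-11-14T16:05:00Z,not-a-date
"""

_TS = re.compile(r"^(\d{4}-\d{2}-\d{2})[T ](\d{2}:\d{2}:\d{2})(?:\.(\d+))?(Z|[+-]\d{2}:\d{2})?$")

def parse_ts(value):
    """Parse an ISO 8601 timestamp with any fraction length; naive values are taken as UTC."""
    m = _TS.match(value.strip())
    if not m:
        raise ValueError(f"unparseable timestamp: {value!r}")
    date, clock, frac, zone = m.groups()
    micros = int((frac or "0")[:6].ljust(6, "0"))  # truncate to microseconds
    dt = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S").replace(microsecond=micros)
    if zone in (None, "Z"):
        return dt.replace(tzinfo=timezone.utc)
    sign = 1 if zone[0] == "+" else -1
    offset = timedelta(hours=int(zone[1:3]), minutes=int(zone[4:6]))
    return dt.replace(tzinfo=timezone(sign * offset))

def find_time_jumps(csv_text, threshold_seconds=300):
    """Return (alerts, rejects): rows whose clock moved past the threshold, and rows that failed to parse."""
    alerts, rejects = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            delta = (parse_ts(row["new_time"]) - parse_ts(row["previous_time"])).total_seconds()
        except (KeyError, ValueError, AttributeError) as exc:
            rejects.append((row.get("source"), str(exc)))  # keep bad rows visible
            continue
        if abs(delta) > threshold_seconds:  # backward jumps count too
            alerts.append((row["source"], delta))
    return alerts, rejects

if __name__ == "__main__":
    alerts, rejects = find_time_jumps(SAMPLE_CSV)
    for source, delta in alerts:
        print(f"ALERT {source}: clock changed by {delta:+.1f} s")
    for source, reason in rejects:
        print(f"SKIPPED {source}: {reason}")
```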
