Well, SYSLOGBASE2 formats it as %{SYSLOGTIMESTAMP:timestamp}, which is
%{MONTH} +%{MONTHDAY} %{TIME}.
So I think it should be formatted correctly, but how can I check the actual
format of a field after the extractors have run?
On Friday, January 13, 2017 at 4:39:55 PM UTC+1, Jochen Schalanda wrote:
>
> Hi Frank,
>
> On Friday, 13 January 2017 14:49:56 UTC+1, Frank wrote:
>>
>> There is a grok filter %{SYSLOGBASE2} (from the default logstash grok
>> patterns) which should format the timestamp correctly.
>>
>
> Did you make sure that the "timestamp" field is an actual timestamp and
> not a string after using the Grok extractor?
>
> Cheers,
> Jochen
>