Hi Frank,
On Tuesday, 17 January 2017 10:09:07 UTC+1, Frank wrote:
>
> Well SYSLOGBASE2 formats it as %{SYSLOGTIMESTAMP:timestamp} which is %{MONTH}
> +%{MONTHDAY} %{TIME}.
>
That's unfortunately incorrect. The Graylog "timestamp" has a very strict
format: yyyy-MM-dd HH:mm:ss.SSS
Any other timestamp format in the "timestamp" field leads to corrupt
messages.
> So I think it should be formated correctly, but how can I check the actual
> format of a field after the extractors did run?
>
You can simply query for the messages in the Graylog web interface or check
the Elasticsearch indices directly.
Cheers,
Jochen
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/eb8f836b-ed79-4d2f-b998-a93b1ba961c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
