Hi, I tried to add GELF parsing to our servers but I have no idea how to process the timestamp.
GELF requires timestamp to be in "Seconds since UNIX epoch with optional decimal places for milliseconds". https://www.graylog.org/resources/gelf/ Extracting it is not an issue, but is there a way to convert it to something like RFC3339? Thanks, Ciprian -- Performance Monitoring * Log Analytics * Search Analytics Solr & Elasticsearch Support * http://sematext.com/ On Fri, Sep 25, 2015 at 12:29 AM, Otis Gospodnetić < [email protected]> wrote: > Awesome, thanks Dave! > > Otis > -- > Monitoring * Alerting * Anomaly Detection * Centralized Log Management > Solr & Elasticsearch Support * http://sematext.com/ > > > On Thu, Sep 24, 2015 at 1:53 AM, David Lang <[email protected]> wrote: > > > On Wed, 23 Sep 2015, Otis Gospodnetić wrote: > > > > Hi, > >> > >> I'm looking into whether we can use rsyslog in Logsene > >> <http://sematext.com/logsene> to accept and parse logs in GELF? > >> > >> I found https://github.com/rsyslog/rsyslog/issues/292 , but that issue > >> seems to be focused on *outputting* "GELFified" logs, while I'm looking > at > >> the "ingest" side of rsyslog. > >> > >> Does rsyslog have any support for that? > >> Just a matter of configuring the parsing of it? > >> > >> I looked at http://search-devops.com/?q=gelf&fc_project=Rsyslog but > >> didn't > >> see anything addressing this. > >> > > > > mmnormalize and liblognorm have a GLEF parser in the most recent versions > > (1.1.2 and 2.0.0 of liblognorm, requires rsyslog 8.13) > > > > David Lang > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T LIKE THAT. > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
