On Wed, 23 Nov 2016, mosto...@gmail.com wrote:
you can combine variables to form a string that looks like a date in the output, but you can't take arbitrary date parts in a log message and parse them into a real timestamp field that would let you output it in different formats.back on my pipeline proposal, wouldn't this solve the issue? pipeline { input() processor() //extract %year%,%month%,%day%processor() //merge "%year%:%month%:%day%" as date type property/fieldoutput() }
you don't need to invent pipelines and change how rsyslog processes things, you need need to add the merge function.
The problem is the fact that there are so many ways timestamp data can be scattered in a log message. take a look at the output of date --help and look at all the formatting options. I guarantee that some log somewhere will use every one of them.
David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
