[graylog2] Re: Collecting logs from OSX 10.11 El Capitan

2016-02-17 Thread Eric Green
Try adding
*.* @mygraylog.server.com:514

And see what happens. That is, put the "@" in front of it, and :514 after 
it. This is assuming you've set up a UDP syslog receiver on your graylog 
server.

That said, I just tried that, and the only syslog messages I get at the 
other end are the ones I send with

  syslog -s "Hello world"

from the command line.

On Wednesday, February 17, 2016 at 11:12:01 AM UTC-8, Dennis Seaton wrote:
>
> Has anyone had success collecting logs from OSX? What about El Capitan 
> (v10.11.3)?
>
> From what I find on Google it USED to be as simple as adding a line to 
> your syslog.conf file in OSX:
> *.*   mygraylog.server.com
>
> But that doesn't appear to work anymore, and if you look at the 
> syslog.conf file now it states:
>
> # Note that flat file logs are now configured in /etc/asl.conf
>
> When you look at asl.conf it is a completely different format, adding the 
> simple line of text used with syslog.conf doesn't work.
>
> Anyone tried this recently? Any suggestions?
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/349afa27-307b-4d58-87cc-c56b81e350a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Graylog-ctl scripts manual install

2016-02-17 Thread Bernie Carolan
I have looked through the documentation but cannot find a way of installing 
the graylog-ctl and associated scripts that are included with the virtual 
appliance releases.
Is there some way of doing this rather than copying off the OVA when doing 
a manual install?



Re: [graylog2] Importing content pack fails

2016-02-17 Thread Eino Tuominen
Hi Edmundo,

I tried with Chrome and Firefox. Now with Firefox I see these messages in 
the browser console as I try to import a content pack:


Form contains enctype=multipart/form-data, but does not contain 
method=post.  Submitting normally with method=GET and no enctype instead. 
contentpacks

Form contains a file input, but is missing method=POST and 
enctype=multipart/form-data on the form.  The file will not be sent. 
contentpacks

mutating the [[Prototype]] of an object will cause your code to run very 
slowly; instead create the object with the correct initial [[Prototype]] 
value using Object.create app.786dc78a6214afdff38f.js line 1 > eval:19:414


On Wednesday, 17 February 2016 at 16:27:13 UTC+2, Edmundo Alvarez wrote:
>
> Hi Eino, 
>
> Thank you for testing the alphas! 
>
> Which browser are you using with Graylog? 
>
> When you say "there are no errors", you mean appearing on the screen or 
> also on the logs? Would you be so kind and try to do it once again, this 
> time with your browser's JS console open? Please share any errors you see 
> in the console and also in the Graylog server logs. 
>
> Regards, 
>
> Edmundo 
>
> > On 17 Feb 2016, at 11:57, Eino Tuominen wrote:
> >
> > Hello,
> >
> > I've tried to create and install a content pack. There are no errors
> > just nothing happens after I try to import it. I'm running alpha 2 version.
> > After trying with many content packs from the market place I tried to
> > create a minimal one myself, but it behaves exactly the same way. The
> > content pack:
> >
> > {
> >   "name": "Testing",
> >   "description": "Testing content pack functionality",
> >   "category": "Test",
> >   "grok_patterns": [ {
> >     "name": "TEST",
> >     "pattern": ".*"
> >   }]
> > }
> >
> > 
> > -- 
> > 
> >   Eino Tuominen 


[graylog2] Collecting logs from OSX 10.11 El Capitan

2016-02-17 Thread Dennis Seaton
Has anyone had success collecting logs from OSX? What about El Capitan 
(v10.11.3)?

From what I find on Google it USED to be as simple as adding a line to your 
syslog.conf file in OSX:
*.*   mygraylog.server.com

But that doesn't appear to work anymore, and if you look at the syslog.conf 
file now it states:

# Note that flat file logs are now configured in /etc/asl.conf

When you look at asl.conf it is a completely different format, adding the 
simple line of text used with syslog.conf doesn't work.

Anyone tried this recently? Any suggestions?




Re: [graylog2] Importing content pack fails

2016-02-17 Thread Edmundo Alvarez
Thank you for the feedback, I have created a couple of issues in Github with 
the problems you reported. Feel free to add anything if you like:
https://github.com/Graylog2/graylog2-server/issues/1831
https://github.com/Graylog2/graylog2-server/issues/1832

Regards,
Edmundo

> On 17 Feb 2016, at 16:31, thePretender  wrote:
> 
> Thanks for your input, the problem was that extractor_type has changed to 
> type, apparently. (sorry for hijacking the thread)
> 
> On Wednesday, February 17, 2016 at 3:29:43 PM UTC+1, Edmundo Alvarez wrote:
> Hi thePretender, 
> 
> Thank you for testing the alphas! 
> 
> If you are referring to the extractor's import/export pages, that is a 
> different issue I'm afraid. Could you please use alpha 2 and try again? 
> 
> It would also be extremely helpful if you could try with your browser's 
> Javascript console open, and share any errors in the console and the Graylog 
> server logs with us. Regarding the errors exporting extractors, please also 
> share with us the resulting extractor for further analysis. 
> 
> Regards, 
> 
> Edmundo 
> 
> > On 17 Feb 2016, at 14:56, thePretender  wrote: 
> > 
> > Somewhat same problem when importing extractors on alpha 1, getting import 
> > errors but there is no error message containing additional information 
> > anywhere. Exporting a simple extractor results in lots of additional fields 
> > containing metrics information as well(?). Seems like extractors/content 
> > packs from graylog 1.x is incompatible with 2.x? 
> > 


[graylog2] Replace Timestamp

2016-02-17 Thread Juan Andres Ramirez
Hello Guys,
 Is it possible to replace the Timestamp? Graylog creates a timestamp when 
the logs are sent to Graylog, but I need to replace the timestamp with the 
date inside the logs.
 I'm using Nxlog and here is my input:


  Module im_file
  File 'E:\\Hadoop\\ParsedLogs\\*.*'
  SavePos TRUE
  # Capture groups: $1 = date and time, $2 = date, $3 = time,
  # $4 = level, $5 = class name, $6 = message text
  Exec  if $raw_event =~ /^((\d+-\d+-\d+) (\d+:\d+:\d+)),\d+ ((?:INFO|ERROR|WARN)) (org.apache.hadoop.\w+.\w+): (.*)/ \
        { \
            $date = $2; \
            $time = $3; \
            $Timestamp = parsedate($date + " " + $time); \
            $CStatus = $4; \
            $Process = $5; \
            $Process_result = $6; \
            to_json(); \
        } \
        else \
        { \
            drop(); \
        }



But now I have a field named Timestamp, and the Histogram shows me the 
Timestamp when the log was put into Graylog. Is there any way to replace the 
Timestamp in the Histogram?


I attached an example of what I described.
Thank you.





Re: [graylog2] Graylog2 durability

2016-02-17 Thread Rui Goncalves


Hi pica, 

thanks for your reply. 

The question is: what does that mean - "202 Accepted  for processing..."?

1) Got your message and it's stored on journal. Message will be processed 
eventually. It's safe...
2) Got your message and I'm going to store on my journal. Message will be 
lost if graylog terminates suddenly.




On Wednesday, February 17, 2016 at 3:03:59 PM UTC, Joan Picanyol i Puig 
wrote:
>
> * Rui Goncalves [20160217 13:22]: 
> > Does anyone know where can I find information about messages durability? 
> > 
> > 
> > My question is,  while sending messages via TCP input do I have any 
> > guarantee that messages are persisted in graylog2 journal? 
> > 
> > ex: echo "log message" | nc host port 
> > 
> > Before returning, does "log message" is stored on journal and not only 
> > accepted by graylog2? 
>
> TCP does not offer such guarantees to a message sender. 
>
> > What about messages sent via http, as explained here: 
> > http://docs.graylog.org/en/1.3/pages/sending_data.html#gelf-via-http 
>
> From this link: 
>
> The server will return a 202 Accepted when the message was accepted 
> for processing. 
>
> qvb 
> -- 
> pica 
>



Re: [graylog2] Importing content pack fails

2016-02-17 Thread thePretender
Thanks for your input, the problem was that extractor_type has changed to 
type, apparently. (sorry for hijacking the thread)

On Wednesday, February 17, 2016 at 3:29:43 PM UTC+1, Edmundo Alvarez wrote:
>
> Hi thePretender, 
>
> Thank you for testing the alphas! 
>
> If you are referring to the extractor's import/export pages, that is a 
> different issue I'm afraid. Could you please use alpha 2 and try again? 
>
> It would also be extremely helpful if you could try with your browser's 
> Javascript console open, and share any errors in the console and the 
> Graylog server logs with us. Regarding the errors exporting extractors, 
> please also share with us the resulting extractor for further analysis. 
>
> Regards, 
>
> Edmundo 
>
> > On 17 Feb 2016, at 14:56, thePretender wrote: 
> > 
> > Somewhat same problem when importing extractors on alpha 1, getting 
> > import errors but there is no error message containing additional 
> > information anywhere. Exporting a simple extractor results in lots of 
> > additional fields containing metrics information as well(?). Seems like 
> > extractors/content packs from graylog 1.x is incompatible with 2.x? 
> > 


[graylog2] [Email alert]

2016-02-17 Thread kaiser
Hello,

I have some questions about email alert.

[Email alert conditions]

--One can use regex in alert conditions. Is there a way to specify that the 
string matches is not case sensitive?
For instance the condition :  "*hello*" will match "HeLlO" string?

--Will it be possible to add possibility in email alert condition an option 
to exclude some string matches like in stream rules?

--How can one test easily if the alert condition is correct without waiting 
for the event to occur?

Regards.



Re: [graylog2] Graylog2 durability

2016-02-17 Thread Joan Picanyol i Puig
* Rui Goncalves  [20160217 13:22]:
> Does anyone know where can I find information about messages durability? 
> 
> 
> My question is,  while sending messages via TCP input do I have any 
> guarantee that messages are persisted in graylog2 journal? 
> 
> ex: echo "log message" | nc host port
> 
> Before returning, does "log message" is stored on journal and not only 
> accepted by graylog2?

TCP does not offer such guarantees to a message sender.

> What about messages sent via http, as explained here: 
> http://docs.graylog.org/en/1.3/pages/sending_data.html#gelf-via-http

From this link:

The server will return a 202 Accepted when the message was accepted
for processing.

qvb
--
pica
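
The point made in the reply above, that a successful TCP write tells the sender nothing about what the receiving application did with the data, shown as an added example (not code from the thread or from Graylog). The loopback listeners and the newline-terminated `ACK` reply are a hypothetical application-level protocol used only for contrast; the example makes no claim about what Graylog's 202 response guarantees.

```python
import socket
import threading

MESSAGE = b"log message\n"  # constructed sample payload


def _listener():
    """Bind a loopback TCP listener on an ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def send_to_listener_that_never_reads():
    """Equivalent of `echo "log message" | nc host port` against a
    receiver whose application never calls accept() or recv().

    The kernel completes the handshake and buffers the bytes, so the
    sender sees success although no application code ever saw the data.
    Returns the number of bytes the sender believes it delivered.
    """
    srv = _listener()
    try:
        with socket.create_connection(srv.getsockname(), timeout=2) as s:
            s.sendall(MESSAGE)      # returns without error
        return len(MESSAGE)
    finally:
        srv.close()                 # the buffered bytes are discarded here


def send_and_wait_for_ack():
    """Same payload, but the receiver replies only after it has stored the
    message (a list stands in for a journal) and the sender waits for that
    reply. Returns (reply, stored_messages).
    """
    srv = _listener()
    stored = []

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as reader:
            line = reader.readline()
            stored.append(line)     # "persist" first, acknowledge second
            conn.sendall(b"ACK\n")

    worker = threading.Thread(target=serve)
    worker.start()
    try:
        with socket.create_connection(srv.getsockname(), timeout=2) as s:
            s.sendall(MESSAGE)
            with s.makefile("rb") as reader:
                reply = reader.readline()
    finally:
        worker.join(timeout=2)
        srv.close()
    return reply, stored


if __name__ == "__main__":
    print("bytes 'sent' to a receiver that never read them:",
          send_to_listener_that_never_reads())
    print("reply and stored messages with an explicit ack:",
          send_and_wait_for_ack())
```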



[graylog2] Re: rewrite incoming messages

2016-02-17 Thread 'Stefan Krüger' via Graylog Users
 wow.. thanks that was easy.. i try something like regex ([\d]+.[\d]+.) and 
copy..



Re: [graylog2] Importing content pack fails

2016-02-17 Thread Edmundo Alvarez
Hi thePretender,

Thank you for testing the alphas!

If you are referring to the extractor's import/export pages, that is a 
different issue I'm afraid. Could you please use alpha 2 and try again?

It would also be extremely helpful if you could try with your browser's 
Javascript console open, and share any errors in the console and the Graylog 
server logs with us. Regarding the errors exporting extractors, please also 
share with us the resulting extractor for further analysis.

Regards,

Edmundo

> On 17 Feb 2016, at 14:56, thePretender  wrote:
> 
> Somewhat same problem when importing extractors on alpha 1, getting import 
> errors but there is no error message containing additional information 
> anywhere. Exporting a simple extractor results in lots of additional fields 
> containing metrics information as well(?). Seems like extractors/content 
> packs from graylog 1.x is incompatible with 2.x?
> 


Re: [graylog2] Importing content pack fails

2016-02-17 Thread Edmundo Alvarez
Hi Eino,

Thank you for testing the alphas!

Which browser are you using with Graylog?

When you say "there are no errors", you mean appearing on the screen or also on 
the logs? Would you be so kind and try to do it once again, this time with your 
browser's JS console open? Please share any errors you see in the console and 
also in the Graylog server logs.

Regards,

Edmundo

> On 17 Feb 2016, at 11:57, Eino Tuominen  wrote:
> 
> Hello,
> 
> I've tried to create and install a content pack. There are no errors just 
> nothing happens after I try to import it. I'm running alpha 2 version. After 
> trying with many content packs from the market place I tried to create a 
> minimal one myself, but it behaves exactly the same way. The content pack:
> 
> {
>   "name": "Testing",
>   "description": "Testing content pack functionality",
>   "category": "Test",
>   "grok_patterns": [ {
>     "name": "TEST",
>     "pattern": ".*"
>   }]
> }
> 
> 
> 
> -- 
> 
>   Eino Tuominen
> 
> 
> 
> 


[graylog2] Re: Importing content pack fails

2016-02-17 Thread thePretender
Somewhat same problem when importing extractors on alpha 1, getting import 
errors but there is no error message containing additional information 
anywhere. Exporting a simple extractor results in lots of additional fields 
containing metrics information as well(?). Seems like extractors/content 
packs from graylog 1.x is incompatible with 2.x?



[graylog2] Re: rewrite incoming messages

2016-02-17 Thread thePretender
There is a built in function which does exactly that. 
Inputs -> Manage extractors -> click on desired IP field -> copy input -> 
choose same name and add Anonymize IPv4 addresses as a converter. The IP 
should now be i.e 192.168.1.xxx

On Wednesday, February 17, 2016 at 1:44:42 PM UTC+1, Stefan Krüger wrote:
>
> Hello,
>
> I would like to send apache-logs to graylog ( at the moment i don't know 
> which variant i would choose) is it possible to change the IP from the 
> access.log? for example I would like to change the IP from 192.168.1.123 to 
> 192.168.x.x
>
> Thanks for help!
>
>
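
The masking discussed in this exchange (192.168.1.123 becoming 192.168.1.xxx, or 192.168.x.x as asked in the question), as an added example that is not Graylog's converter code. The function name, its parameters and the sample access-log lines are constructed for illustration; it masks every IPv4 address found in a line rather than a single extracted field.

```python
import re

# Four dot-separated groups of 1-3 digits that are not part of a longer
# dotted number, so a version string such as "48.0.2564.109" in a
# User-Agent is left alone.
_IPV4 = re.compile(
    r"(?<![\d.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?!\d|\.\d)"
)


def anonymize_ipv4(text, keep_octets=3, mask="xxx"):
    """Replace the trailing octets of every IPv4 address in `text`.

    keep_octets=3 gives 192.168.1.xxx, keep_octets=2 with mask="x"
    gives 192.168.x.x.
    """
    if not 0 <= keep_octets <= 3:
        raise ValueError("keep_octets must be between 0 and 3")

    def repl(match):
        octets = match.groups()
        # Dotted quads with an octet above 255 are not addresses.
        if any(int(o) > 255 for o in octets):
            return match.group(0)
        return ".".join(octets[:keep_octets] + (mask,) * (4 - keep_octets))

    return _IPV4.sub(repl, text)


# Constructed Apache access-log lines (not taken from the thread).
SAMPLE_LINES = [
    '192.168.1.123 - - [17/Feb/2016:13:44:42 +0100] '
    '"GET /index.html HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 Chrome/48.0.2564.109"',
    '10.20.30.40 - - [17/Feb/2016:13:44:43 +0100] '
    '"GET /?from=999.1.1.1 HTTP/1.1" 404 0 "-" "curl/7.43.0"',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(anonymize_ipv4(line))
    print(anonymize_ipv4("192.168.1.123", keep_octets=2, mask="x"))
```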



[graylog2] rewrite incoming messages

2016-02-17 Thread 'Stefan Krüger' via Graylog Users
Hello,

I would like to send apache-logs to graylog ( at the moment i don't know 
which variant i would choose) is it possible to change the IP from the 
access.log? for example I would like to change the IP from 192.168.1.123 to 
192.168.x.x

Thanks for help!



[graylog2] Graylog2 durability

2016-02-17 Thread Rui Goncalves


Does anyone know where can I find information about messages durability? 


My question is,  while sending messages via TCP input do I have any 
guarantee that messages are persisted in graylog2 journal? 

ex: echo "log message" | nc host port

Before returning, does "log message" is stored on journal and not only 
accepted by graylog2?

What about messages sent via http, as explained here: 
http://docs.graylog.org/en/1.3/pages/sending_data.html#gelf-via-http

Thanks.



[graylog2] Importing content pack fails

2016-02-17 Thread Eino Tuominen
Hello,

I've tried to create and install a content pack. There are no errors just 
nothing happens after I try to import it. I'm running alpha 2 version. 
After trying with many content packs from the market place I tried to 
create a minimal one myself, but it behaves exactly the same way. The 
content pack:

{
  "name": "Testing",
  "description": "Testing content pack functionality",
  "category": "Test",
  "grok_patterns": [ {
    "name": "TEST",
    "pattern": ".*"
  }]
}


-- 

  Eino Tuominen




[graylog2] extracting date field from json

2016-02-17 Thread Rui Goncalves


Hi.

I'm sending JSON messages into a Raw TCP input. I would like to execute 
some extractors on the incoming message.

1) Apply JSON extractor on the incoming "message" field

2) Apply the "Copy input" extractor in the field "tstamp" extracted by 
previous JSON extractor, apply a date converter and store in a new field 
(say d_tstamp). This field contains a date in the format: 
-MM-dd'T'HH:mm:ss.SSS'Z'.

I was expecting to see the elasticsearch mappings containing a field 
d_tstamp 
having type “date”, however the new field d_tstamp is mapped as "string" 
type.

I’ve no experience using elasticsearch, but I can imagine that having a 
field of type "date" indexed as a string is not a good idea. (ex. querying 
date intervals).

I’ve tried to apply a “Copy input” extractor in another field (counter) 
that is a string in the incoming JSON and apply the numeric converter. This 
time the field is stored in ES as a "long" as expected.

Any ideas? Thanks for any help you could provide.
