[graylog2] Re: Overwriting Timestamp field using Pipeline rules

id format: "2017-02-08 15:05:59,170" is malformed at "17-02-08 15:05:59,170" It doesn't seem to have any adverse effects, but I'm curious as to what might be causing it? On Wednesday, February 8, 2017 at 1:56:17 PM UTC-5, Al Reynolds wrote: > > Figured it out-

[graylog2] Re: Overwriting Timestamp field using Pipeline rules

Logs"); end I was under the impression that the timezone was optional? Thanks for all your help with this Jochen--it's greatly appreciated! Cheers, Al On Wednesday, February 8, 2017 at 11:05:22 AM UTC-5, Al Reynolds wrote: > > That's what I get for typing it out...thank yo

[graylog2] Re: Overwriting Timestamp field using Pipeline rules

(matches); let date = parse_date(to_string($message.WO_Timestamp), "-MM-dd HH:mm:ss,SSS"); set_field("timestamp", date); route_to_stream("WideOrbit Logs"); end Thanks! Cheers, Al On Wednesday, February 8, 2017 at 10:55:03 AM UTC-5, Jochen Schalanda wro

[graylog2] Re: Overwriting Timestamp field using Pipeline rules

tches = grok(pattern: "%{WO_CS_RAS_CS_MESSAGE}", value: > to_string($message.message)); > set_fields(matches); > let date = parse_date(to_string($message.WO_Timestamp), "-MM-dd > HH:mm:ss,sss"); > set_field("timestamp", date); >

[graylog2] Overwriting Timestamp field using Pipeline rules

Hello all, I'm attempting to switch our logging infrastructure from the ELK stack to Graylog, but I'm running into an issue with the pipeline rules and replacing the timestamp field. Rule below: rule "WO-CS-RAS" when contains(to_string($message.file),"centralserver\\ras-server\\log\\ras

[graylog2] Re: Graylog2 and Cisco sw's syslog message parsing.

I was able to get around this issue by using the origin-id command, which allows you to specify the name of the switch. Cisco documentation on the command is here . Hope this helps! Cheers,