Hi Frank,
On Friday, 13 January 2017 14:49:56 UTC+1, Frank wrote:
>
> There is a grok filter %{SYSLOGBASE2} (from the default logstash grok
> patterns) which should format the timestamp correctly.
>
Did you make sure that the "timestamp" field is an actual timestamp and not
a string after using the Grok extractor?
Cheers,
Jochen
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/55f3d8f4-3007-4c4a-8a37-1a99bf968972%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
