Hi Frank,

On Tuesday, 17 January 2017 10:09:07 UTC+1, Frank wrote:
>
> Well SYSLOGBASE2 formats it as %{SYSLOGTIMESTAMP:timestamp} which is %{MONTH} 
> +%{MONTHDAY} %{TIME}.
>

That's unfortunately incorrect. The Graylog "timestamp" has a very strict 
format: yyyy-MM-dd HH:mm:ss.SSS

Any other timestamp format in the "timestamp" field leads to corrupt 
messages.

 

> So I think it should be formatted correctly, but how can I check the actual 
> format of a field after the extractors did run?
>

You can simply query for the messages in the Graylog web interface or check 
the Elasticsearch indices directly.

Cheers,
Jochen
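
The format mismatch discussed in this message, as an added example that is not part of the original e-mail or of Graylog itself: a check for the strict `yyyy-MM-dd HH:mm:ss.SSS` format and a conversion from the `%{MONTH} +%{MONTHDAY} %{TIME}` text. The function names are hypothetical, and the code assumes English abbreviated month names, an `HH:MM:SS` time, and a caller-supplied reference time for the missing year.

```python
import re
from datetime import datetime, timedelta

# Strict format quoted in the reply above: yyyy-MM-dd HH:mm:ss.SSS
GRAYLOG_TS = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}")


def is_graylog_timestamp(value: str) -> bool:
    """True only if value has the strict layout and is a real date/time."""
    if not GRAYLOG_TS.fullmatch(value):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f")
    except ValueError:  # e.g. month 13 or hour 25
        return False
    return True


def syslog_to_graylog(value: str, now: datetime) -> str:
    """Convert 'Mon D HH:MM:SS' syslog text to the strict format.

    Syslog timestamps carry no year, so the year is taken from `now`
    (assumption: the caller passes the receive time). No time zone
    conversion is done. Raises ValueError on text that is not a valid date.
    """
    month, day, clock = value.split()  # split() tolerates the padded 'Jan  7'
    # Parse with an explicit year so Feb 29 is validated against that year.
    parsed = datetime.strptime(f"{now.year} {month} {day} {clock}",
                               "%Y %b %d %H:%M:%S")
    # A result well in the future means the message was written before the
    # New Year rollover, so it belongs to the previous year.
    if parsed > now + timedelta(days=1):
        parsed = parsed.replace(year=now.year - 1)
    return parsed.strftime("%Y-%m-%d %H:%M:%S.") + f"{parsed.microsecond // 1000:03d}"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real log.
    received = datetime(2017, 1, 17, 12, 0, 0)
    for raw in ("Jan 17 10:09:07", "Jan  7 01:02:03", "Dec 31 23:59:59"):
        fixed = syslog_to_graylog(raw, received)
        print(f"{raw!r:20} strict={is_graylog_timestamp(raw)!s:5} -> {fixed}")
```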
