Hi Al, On Wednesday, 8 February 2017 15:11:34 UTC+1, Al Reynolds wrote: > > I was under the impression that using the "parse_date" function would > create a Date object? >
It does, see http://docs.graylog.org/en/2.1/pages/pipelines/functions.html#parse-date for reference. But your date pattern may be wrong (see http://www.joda.org/joda-time/apidocs/org/joda/time/format/DateTimeFormat.html for reference). Please share some example messages, so that we can validate your rule. > As for "$timestamp" instead of "timestamp", I was trying different > configurations, and thought that since the message field is referenced as > "$message" I would try that format. What does the "$" indicate? > The $ character is simply part of the variable name containing the current message (which is "$message"). It doesn't have a special meaning. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/acd02ab0-564b-46cc-bab8-627170b05489%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
