Hi Rui, the timestamp field has to contain a valid date value, not a string that looks like a date.
You can use the message processing pipeline or the date extractor for this:

http://docs.graylog.org/en/2.2/pages/extractors.html#normalization
http://docs.graylog.org/en/2.2/pages/pipelines.html

Cheers,
Jochen

On Friday, 10 February 2017 15:57:13 UTC+1, Rui Goncalves wrote:
>
> Hi all.
> I want to send JSON documents into graylog containing a field ("ts") that
> contains the timestamp event. I'm unable to set the "ts" field value as
> "timestamp" value. Graylog sets a timestamp field when the message is
> received, and I'm unable to update that field to "ts" value!
>
> Sample message: {"ts": "2017-02-10T12:13:42Z", msg="xxxx", service="yyy",
> ... }
>
> 1. I've created a raw TCP
> 2. Added a JSON extractor, so all JSON fields get extracted
> 3. Added an extractor to cut ts field and store on the timestamp field.
>
> I was expecting to get the timestamp field with the ts value! :-/ I've
> also tried to rename the "ts" field in the source document to "timestamp",
> but it does not work either.
>
> Is that possible to update the timestamp field?
>
> Thanks,
> Rui
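
The pipeline approach suggested in the reply, as an added example that is not part of the original thread: a Graylog pipeline rule that parses the "ts" string into a date value and stores it in "timestamp". The rule name and the date pattern are assumptions, chosen to match the sample value "2017-02-10T12:13:42Z", and the rule assumes it runs after the JSON extractor has created the "ts" field.

```graylog
rule "use ts as message timestamp"
when
  // Only act on messages where the JSON extractor produced a "ts" field
  has_field("ts")
then
  // parse_date turns the string into a real date value; copying the string
  // itself into "timestamp" is what the reply says does not work.
  // Pattern (assumed from the sample): ISO 8601 without milliseconds, with zone.
  let event_time = parse_date(to_string($message.ts), "yyyy-MM-dd'T'HH:mm:ssZZ");
  set_field("timestamp", event_time);
end
```

Messages whose "ts" value does not match the pattern fail the parse step and keep the receive-time timestamp, so a source that changes its time format shows up as events indexed under arrival time rather than event time.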
