graylog-plugin-pipeline-processor icon indicating copy to clipboard operation
graylog-plugin-pipeline-processor copied to clipboard

Published 20 hours ago verified publisher icon Graylog2

parse_date use multiple pattern

Open jalogisch opened this issue 7 years ago • 0 comments
trafficstars

Using parse_date is the only option to use if you have to work with exact times. flex_parse_date would could of provided micro seconds.

Having the option to provide multiple pattern that parse_date tries before it uses a default or does nothing would help to simplify the rules that need to be written to work with the _ standard_ syslog time.

let new_date = to_string($message.log_date);
let time = parse_date(
					value:new_date, 
					pattern:"MMM dd HH:mm:ss.SSS",
					pattern:"MMM dd HH:mm:ss ZZZ",
					pattern:"MMM dd HH:mm:ss.SSS ZZZ",
					timezone:"CET"
					);			
set_field("processed_time", time);

related to: https://github.com/Graylog2/graylog-plugin-pipeline-processor/issues/243

Environment

  • Graylog Version: 2.4.3

jalogisch avatar Feb 01 '18 15:02 jalogisch