This repository was archived by the owner on Mar 21, 2023. It is now read-only.
This repository was archived by the owner on Mar 21, 2023. It is now read-only.
parse_date use multiple pattern #244
Description
Using parse_date is the only option to use if you have to work with exact times. flex_parse_date would could of provided micro seconds.
Having the option to provide multiple pattern that parse_date tries before it uses a default or does nothing would help to simplify the rules that need to be written to work with the _ standard_ syslog time.
let new_date = to_string($message.log_date);
let time = parse_date(
value:new_date,
pattern:"MMM dd HH:mm:ss.SSS",
pattern:"MMM dd HH:mm:ss ZZZ",
pattern:"MMM dd HH:mm:ss.SSS ZZZ",
timezone:"CET"
);
set_field("processed_time", time);
related to: #243
Environment
- Graylog Version: 2.4.3