search

Graylog2 / graylog-plugin-pipeline-processor

[DEPRECATED] Graylog Pipeline Message Processor Plugins
https://www.graylog.org/
GNU General Public License v3.0
21 stars 14 forks source link

parse_date use multiple pattern #244

Open jalogisch opened 6 years ago

jalogisch commented 6 years ago

Using parse_date is the only option to use if you have to work with exact times. flex_parse_date would could of provided micro seconds.

Having the option to provide multiple pattern that parse_date tries before it uses a default or does nothing would help to simplify the rules that need to be written to work with the standard syslog time.

let new_date = to_string($message.log_date);
let time = parse_date(
                    value:new_date, 
                    pattern:"MMM dd HH:mm:ss.SSS",
                    pattern:"MMM dd HH:mm:ss ZZZ",
                    pattern:"MMM dd HH:mm:ss.SSS ZZZ",
                    timezone:"CET"
                    );          
set_field("processed_time", time);

related to: https://github.com/Graylog2/graylog-plugin-pipeline-processor/issues/243

Environment