Implement non-equality comparison of DateTime values

[hc4]

Problem description

I want to drop old messages in rule. So I need to compare timestamp of message with current time

Environment

• Graylog Version: 2.1.0-beta3
• Pipeline Processor plugin version: 1.1.0-beta3

[edmundoa]

Hi,

You can use the now() function to get the current time. Here is an example of how to use it: https://github.com/Graylog2/graylog-plugin-pipeline-processor/blob/68dabe5bd39697f94b9604e47de5b59170f1f308/src/test/resources/org/graylog/plugins/pipelineprocessor/functions/dates.txt

[hc4]

And again I didn't find needed function :) Maybe create some reflection to search for available functions, likie it done for REST API?

[hc4]

And still unable to compare dates, because timestamp field is Object

[edmundoa]

I think you need to parse the date time in the timestamp field of your message, probably with something like:

let timestamp = parse_date($message.timestamp, "yyyy-MM-dd'T'HH:mm:ssZZ");

And then you could subtract the two months from the timestamp variable, which should be a DateTime instance at that point.

[hc4]

but field timestamp already should be DateTime? It is strange to convert it to string and then parse again...

[hc4]

plus/minus-methods not avaialble for DateTime:

[edmundoa]

I'm not sure if we are implicitly converting all message timestamps into DateTime objects, to be honest. It is also not possible to call DateTime's methods, only access its properties. I would say we are still missing some math functions for dates.

[kroepke]

This seems to be a bug. Special handling for DateTime is implemented in == and != but not in the other comparison operators.

After that fix it should work as expected.

[kroepke]

Tentative for 1.1.0, not sure if we can get to it.