REQ: Ruby example

[coolacid]

From IRC:

is there a way to compare timestamps? I sometimes receive very old timestamps from broken syslog entries (Can't figure out why yet) and I just want to drop them instead of creating a ton of new ES indices with 1 doc. I'd like to drop anything with ex.: timestamp>15 days old

[shurane]

Is there an example set of lines for Syslog? We should definitely do a series of requests, related to https://github.com/coolacid/GettingStartedWithELK/issues/11#issuecomment-49081466