I'm trying to forward logs to my Graylog server using nxlog, and it's working fine, except for one minor problem which I've been unable to fix:

The date/time format in the log is as follows:

2016/03/17    07:06:27 AM     Message

I have been able to extract the date into $1 and time into $2 with regex (and message into $3) without an issue. However, I'm unable to parse the combination of the two as a date and get it into 24H format using parsedate or strptime.

Any ideas how I can populate $EventTime with the date + 24H time format from the above? Everything I try seems to result in the field being undefined.


Asked March 21, 2016 - 11:40am

Have you tried strptime()? This can handle the AM/PM format.

    Initially I was trying to use that but it appears that I was using %H for hours instead of %I. This is now working perfectly:

         $TestEventTime = strptime($1 + ' ' + $2, '%Y/%m/%d %I:%M:%S %p'); 

    However, I now have another problem. If I use $EventTime instead of $TestEventTime, the field does not make it through to Graylog. I'm not sure nxlog is using this variable correctly for the timestamp. Any ideas?

    In fact it's working as it should. My test data was outside my search window (since I have just been copying/pasting the same lines to get test data).
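
For reference, the fix from this thread placed in a complete nxlog configuration. This is an added example, not posted by anyone in the thread; the file path, Graylog host and port, instance names and the `$TimeParseFailed` field are assumptions. It also falls back to the receive time when the timestamp cannot be parsed, so an undefined `$EventTime` is logged rather than passed on silently.

```conf
<Extension gelf>
    Module      xm_gelf
</Extension>

<Input app_log>
    Module      im_file
    # Hypothetical path to the file containing lines like the one in the question
    File        "/var/log/app/app.log"

    # $1 = date, $2 = 12-hour time with AM/PM, $3 = message.
    # %I (12-hour clock) must be paired with %p; %H is the 24-hour directive.
    Exec if $raw_event =~ /^(\d{4}\/\d{2}\/\d{2})\s+(\d{2}:\d{2}:\d{2} [AP]M)\s+(.*)$/ \
         { \
             $EventTime = strptime($1 + ' ' + $2, '%Y/%m/%d %I:%M:%S %p'); \
             $Message = $3; \
         }

    # No regex match or a failed strptime() leaves $EventTime undefined.
    # Record that, mark the event, and fall back to the time nxlog read the line.
    Exec if not defined $EventTime \
         { \
             log_warning("EventTime not parsed: " + $raw_event); \
             $TimeParseFailed = TRUE; \
             $EventTime = $EventReceivedTime; \
         }
</Input>

<Output graylog>
    Module      om_udp
    # Hypothetical Graylog GELF UDP input
    Host        graylog.example.com
    Port        12201
    # xm_gelf fills the GELF timestamp from $EventTime
    OutputType  GELF
</Output>

<Route app_to_graylog>
    Path        app_log => graylog
</Route>
```

When testing with copied or replayed lines, widen the Graylog search time range to cover the timestamps in the test data, since events are indexed under the parsed `$EventTime` rather than the time they arrived.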