Add millisecond unix epoch time support to grok parser #6406

Closed
michael-engler opened this issue Sep 17, 2019 · 3 comments · Fixed by #6476
Labels
area/tail feature request Requests for new plugin and for new features to existing plugins

Comments

michael-engler commented Sep 17, 2019

Hi there,

as a first-timer on telegraf (newbie warning!) I am trying to parse an audit log file with inputs.logparser.grok. The log file has timestamps in Unix Epoch Millis Format (e.g. 1568723594631 for GMT: Tuesday, September 17, 2019 12:33:14.631 PM).

In the description of the logparser plugin, I found a reference to the timestamp modifiers ts-epoch as well as ts-epochnano for converting a timestamp in epoch/epoch-nano format but I have missed a converter for epoch-milli ... Does something like this already exist?

Since I could not find it, I removed the ts-epoch modifiers and wrote the parsed timestamp to a normal field ... which I modified using the regex plugin to add the missing 000000. I received the correct numbers :) ... but apparently could not use the field named timestamp as the actual timestamp of the measurement ...

Kind regards,
Michael

@danielnelson danielnelson added area/tail feature request Requests for new plugin and for new features to existing plugins labels Sep 17, 2019
@danielnelson
Contributor

There is no support currently, but it would make sense to add a ts-epochms.

@danielnelson danielnelson changed the title inputs.logparser.grok: Timestamp modifiers ts-epoch and ts-epochnano but no ts-epochmilli? Add millisecond unix epoch time support to grok parser Sep 17, 2019
@rajiv-k
Contributor

rajiv-k commented Sep 29, 2019

@danielnelson I can take a shot at this, if no one is already working on this.

@danielnelson
Contributor

@rajiv-k That would be great, thank you

rajiv-k added a commit to rajiv-k/telegraf that referenced this issue Oct 3, 2019
Currently we support ts-epoch, ts-epochnano but not milliseconds from
unix epoch time. This PR adds support for milliseconds since unix epoch.

Fixes influxdata#6406
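
The unit conversion discussed in this thread, as an added example; it is not Telegraf's code and not the code from the referenced commit. The function name `epochToTime` and its `unit` parameter are assumptions of this example, and the sample value is the one from the issue text.

```go
package main

import (
	"fmt"
	"strconv"
	"time"
)

// epochToTime converts an integer Unix epoch string to a UTC time.
// unit is the length of one tick of the input: time.Second,
// time.Millisecond or time.Nanosecond (this example's own convention).
// Integer parsing avoids the precision loss of going through float64.
func epochToTime(value string, unit time.Duration) (time.Time, error) {
	n, err := strconv.ParseInt(value, 10, 64)
	if err != nil {
		return time.Time{}, fmt.Errorf("epoch %q: %w", value, err)
	}
	switch unit {
	case time.Second:
		return time.Unix(n, 0).UTC(), nil
	case time.Millisecond:
		// Split into whole seconds and leftover milliseconds.
		return time.Unix(n/1000, (n%1000)*int64(time.Millisecond)).UTC(), nil
	case time.Nanosecond:
		return time.Unix(0, n).UTC(), nil
	}
	return time.Time{}, fmt.Errorf("unsupported unit %v", unit)
}

func main() {
	const sample = "1568723594631" // value quoted in the issue

	ms, _ := epochToTime(sample, time.Millisecond)
	fmt.Println("as milliseconds:", ms.Format(time.RFC3339Nano))

	// The workaround from the issue: pad with six zeros, read as nanoseconds.
	ns, _ := epochToTime(sample+"000000", time.Nanosecond)
	fmt.Println("padded, as nanoseconds:", ns.Format(time.RFC3339Nano))

	// Reading the same digits as seconds puts the audit event
	// tens of thousands of years in the future.
	sec, _ := epochToTime(sample, time.Second)
	fmt.Println("misread as seconds, year:", sec.Year())

	if _, err := epochToTime("15687x", time.Millisecond); err != nil {
		fmt.Println("rejected:", err)
	}
}
```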