You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
as a first-timer on telegraf (newbie warning!) I am trying to parse an audit log file with inputs.logparser.grok. The log file has timestamps in Unix Epoch Millis Format (e.g. 1568723594631 for GMT: Tuesday, September 17, 2019 12:33:14.631 PM).
In the description of the logparser plugin, I found a reference to the timestamp modifiers ts-epoch as well as ts-epochnano for converting a timestamp in epoch/epoch-nano format but I have missed a converter for epoch-milli ... Does something like this already exist?
Since I could not find it, I removed the ts-epoch modifiers and wrote the parsed timestamp to a normal field ... which I modified useing the regex plugin to add the missing 000000. I received the correct numbers :) ... but apparently could not use the field named timestamp as the actual timestamp of the measurement ...
Kind regards,
Michael
The text was updated successfully, but these errors were encountered:
There is no support currently, but it would make sense to add a ts-epochms.
danielnelson
changed the title
inputs.logparser.grok: Timestamp modifiers ts-epoch and ts-epochnano but no ts-epochmilli?
Add millisecond unix epoch time support to grok parser
Sep 17, 2019
Currently we support ts-epoch, ts-epochnano but not milliseconds from
unix epoch time. This PR adds support for milliseconds since unix epoch.
Fixesinfluxdata#6406
Hi there,
as a first-timer on telegraf (newbie warning!) I am trying to parse an audit log file with inputs.logparser.grok. The log file has timestamps in Unix Epoch Millis Format (e.g. 1568723594631 for GMT: Tuesday, September 17, 2019 12:33:14.631 PM).
In the description of the logparser plugin, I found a reference to the timestamp modifiers ts-epoch as well as ts-epochnano for converting a timestamp in epoch/epoch-nano format but I have missed a converter for epoch-milli ... Does something like this already exist?
Since I could not find it, I removed the ts-epoch modifiers and wrote the parsed timestamp to a normal field ... which I modified useing the regex plugin to add the missing 000000. I received the correct numbers :) ... but apparently could not use the field named timestamp as the actual timestamp of the measurement ...
Kind regards,
Michael
The text was updated successfully, but these errors were encountered: