topic Re: Custom timestamp parsing in Getting Data In

How to do custom timestamp parsing?

the_sigma — Fri, 22 Sep 2023 18:13:52 GMT

I'm looking to use the following as my timestamp. What should I use in props as my timestamp format and timestamp prefix.
[20230718:001541.421] : [WARN ]

Re: Custom timestamp parsing

richgalloway — Wed, 20 Sep 2023 17:03:32 GMT

Assuming that represents 18 July 23 00:15:41.421 then the format string would be %Y%m%d:%H%M%S.%3N

Re: Custom timestamp parsing

the_sigma — Wed, 20 Sep 2023 17:27:21 GMT

I tried your string in the datapreview screen. I placed it in the timestamp format field. I used \d{8}\:\d{6}\.\d{3} as the prefix put I'm still getting timestamp=none

Re: Custom timestamp parsing

richgalloway — Wed, 20 Sep 2023 18:08:56 GMT

The prefix is the part that comes *before* the timestamp string and must not describe the timestamp string itself. The prefix for the sample event would be ^[

Re: Custom timestamp parsing

the_sigma — Wed, 20 Sep 2023 20:07:45 GMT

I had already tried that as well but with no luck. It has to be something else that I missing. Thanks for replying though. If I figure it out, I'll post an update here.

Re: Custom timestamp parsing

gcusello — Thu, 21 Sep 2023 07:11:36 GMT

Hi @the_sigma ,

if the timestamp it's at the beginning of the event, you could try:

TIME_PREFIX = ^\[ TIME_FORMAT = %Y%m%d:%H%M%S.%3N

If it isn't at the end of the event, please share some sample of your events, eventually masked, but with the same structure.

Ciao.

Giuseppe