topic Getting metrics timestamp in future in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Getting-metrics-timestamp-in-future/m-p/512020#M86902 <P>Hello, I am trying to get metrics from RouterOS using scripting (logs are forwarded using UDP)</P><P>I end up with all timestamps 3 hours in the future (tried adding TZ = GMT, didn't help)</P><P>I created a custom format like this: `script, debug &lt;TIMESTAMP&gt; metric_name=firewall_rule &lt;OTHER.DIMS..&gt; packets=100 bytes = 11`</P><P>Example:</P><P>script, debug aug/01/2020 17:35:14 +03:00:00 metric_name=firewall_rule rule=dummy bytes=12345 packet=40</P><P>I also tried doing</P><P>&nbsp;</P><LI-CODE lang="markup">| makeresults | eval test=strptime("aug/01/2020 17:35:14 +03:00:00", "%b/%d/%Y %T %::z")</LI-CODE><P>&nbsp;</P><P>And I get correct UNIX timestamp in query results</P><P>transforms.conf</P><DIV>&nbsp;</DIV><P>&nbsp;</P><LI-CODE lang="markup">[metric-schema:log2metrics_mikrotik_keyvalue] METRIC-SCHEMA-MEASURES-firewall_rule = packets, bytes</LI-CODE><P>&nbsp;</P><DIV>&nbsp;</DIV><P>props.conf</P><DIV>&nbsp;</DIV><P>&nbsp;</P><LI-CODE lang="markup">[log2metrics_mikrotik_keyvalue] DATETIME_CONFIG = LINE_BREAKER = ([\r\n]+) METRIC-SCHEMA-TRANSFORMS = metric-schema:log2metrics_mikrotik_keyvalue NO_BINARY_CHECK = true TRANSFORMS-EXTRACT = field_extraction category = Metrics pulldown_type = 1 # RouterOS # mmm/dd/yyyy HH:MM:SS [+-]TZHH:TZMM:TZSS TIME_FORMAT = %b/%d/%Y %T %::z TZ = GMT disabled = false SHOULD_LINEMERGE = false BREAK_ONLY_BEFORE_DATE = PREAMBLE_REGEX = script,debug </LI-CODE><P>&nbsp;</P> Sat, 01 Aug 2020 15:10:17 GMT nazar554 2020-08-01T15:10:17Z Getting metrics timestamp in future https://community.splunk.com/t5/Getting-Data-In/Getting-metrics-timestamp-in-future/m-p/512020#M86902 <P>Hello, I am trying to get metrics from RouterOS using scripting (logs are forwarded using UDP)</P><P>I end up with all timestamps 3 hours in the future (tried adding TZ = GMT, didn't help)</P><P>I created a custom format like this: `script, debug &lt;TIMESTAMP&gt; metric_name=firewall_rule &lt;OTHER.DIMS..&gt; packets=100 bytes = 11`</P><P>Example:</P><P>script, debug aug/01/2020 17:35:14 +03:00:00 metric_name=firewall_rule rule=dummy bytes=12345 packet=40</P><P>I also tried doing</P><P>&nbsp;</P><LI-CODE lang="markup">| makeresults | eval test=strptime("aug/01/2020 17:35:14 +03:00:00", "%b/%d/%Y %T %::z")</LI-CODE><P>&nbsp;</P><P>And I get correct UNIX timestamp in query results</P><P>transforms.conf</P><DIV>&nbsp;</DIV><P>&nbsp;</P><LI-CODE lang="markup">[metric-schema:log2metrics_mikrotik_keyvalue] METRIC-SCHEMA-MEASURES-firewall_rule = packets, bytes</LI-CODE><P>&nbsp;</P><DIV>&nbsp;</DIV><P>props.conf</P><DIV>&nbsp;</DIV><P>&nbsp;</P><LI-CODE lang="markup">[log2metrics_mikrotik_keyvalue] DATETIME_CONFIG = LINE_BREAKER = ([\r\n]+) METRIC-SCHEMA-TRANSFORMS = metric-schema:log2metrics_mikrotik_keyvalue NO_BINARY_CHECK = true TRANSFORMS-EXTRACT = field_extraction category = Metrics pulldown_type = 1 # RouterOS # mmm/dd/yyyy HH:MM:SS [+-]TZHH:TZMM:TZSS TIME_FORMAT = %b/%d/%Y %T %::z TZ = GMT disabled = false SHOULD_LINEMERGE = false BREAK_ONLY_BEFORE_DATE = PREAMBLE_REGEX = script,debug </LI-CODE><P>&nbsp;</P> Sat, 01 Aug 2020 15:10:17 GMT https://community.splunk.com/t5/Getting-Data-In/Getting-metrics-timestamp-in-future/m-p/512020#M86902 nazar554 2020-08-01T15:10:17Z