VMware Cloud Community
ahcen
Contributor
Contributor
‎01-22-2020 07:20 AM

Use provided timestamp as event time

Hello,

I'm sending logs to logInsight and want the event time to use the provided timestamp.

Example :

timestamp=22-01-2020 15:12:53;template=;dataid=StoreHeader:storeId:11708

timestamp=22-01-2020 15:12:53;template=;dataid=StoreHeader:storeId:11101

The parsing is correct but the event time does not use the provided timestamp but the time when the log data is processed by the agent..

pastedImage_0.png

What's the correct way to have LogInsigh using the provided timestamp ?

Used parser:

[parser|CacheivlParser]

base_parser=kvp

fields=*

delimiter=";"

debug=yes

field_decoder={"timestamp": "TableSize_tsp_parser"}

[parser|TableSize_tsp_parser]

base_parser=timestamp

debug=no

format=%d-%m-%Y %H:%M:%S

Labels (2)
Labels
0 Kudos
1 Reply
Alex_Romeo
Leadership
Leadership
‎01-22-2020 07:38 AM

Hi,

LucD has published many articles in his blog related to this topic, here is the link:

LogInsight Module - LucD notes

----

Other link:

Log Insight API documentation

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos