How to use Unix Timestamp field for Log defaultDateFormats field

Follow
Avatar
William Wynn

The automaticDateParsing option isn't working well for my logs because Sumo is grabbing the wrong field to parse, so I'm looking into setting up the defaultDateFormats setting.

The only examples provided specify how to parse a human readable timestamp: https://help.sumologic.com/docs/send-data/use-json-configure-sources/#timestamp-example

Is there a way to have it use a field containing a Unix Timestamp? How would I configure this?

Essentially my logs are in JSON format and have a field that looks like: "timestamp":1675853899101

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Harinder Bhandari
    • Edited

    Unix epoch timestamps are supported in the following formats:

    • 10 digit epoch time format surrounded by brackets (or followed by a comma). The digits must be at the very start of the message. For example, [1234567890] or [1234567890, other] followed by the rest of the message.
    • 13 digit epoch time. The 13 digits must be at the very start of the message. For example, 1234567890123... followed by the rest of the message.

    If the epoch timestamp is not the first timestamp starting from left, you have to use "Specifying a custom timestamp format" as explained in the link you provided for "Timestamps, Time Zones, Time Ranges, and Date Formats". 

    Based on the example you have given, you can use this Regex for specifying the custom timestamp format:

    \"timestamp"\:(.*?)

    Hope this helps.

     

    1
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post