We have updated our Terms of Service, Code of Conduct, and Addendum.

Why is Auto Timestamp failing to extract a timestamp?

Jon Rust
Jon Rust Posts: 475 mod
in General Discussions

The log looks like this:

2022/04/26 12:00:00 INFO foo bar stuff here

Other time formats also fail. Why?

Best Answer

  • Jon Rust
    Jon Rust Posts: 475 mod
    Answer ✓

    The Auto Timestamp function tries to automatically figure out the time format. Part of that could be a timezone, which is often something like UTC, EDT or PST. All uppercase letters! So the INFO term immediately following the timestamp is mistakenly seen as a timezone, but then fails to parse because it isnt.

    The work arounds:

    • Remove or modify the log level
    • Use the "Additional timestamps" area to explicitly declare your format
    • Modify the existing timestamp to include an explicit timezone
    • My preferred: Extract the text timestamp into a new field without the term following it, then run Auto Timestamp on that field as below:

    Regex Extract: ^(?<__mytime>[0-9\/]+\s[0-9:]+)
    Auto Timestamp: Source Field __mytime

Answers

  • Jon Rust
    Jon Rust Posts: 475 mod
    Answer ✓

    The Auto Timestamp function tries to automatically figure out the time format. Part of that could be a timezone, which is often something like UTC, EDT or PST. All uppercase letters! So the INFO term immediately following the timestamp is mistakenly seen as a timezone, but then fails to parse because it isnt.

    The work arounds:

    • Remove or modify the log level
    • Use the "Additional timestamps" area to explicitly declare your format
    • Modify the existing timestamp to include an explicit timezone
    • My preferred: Extract the text timestamp into a new field without the term following it, then run Auto Timestamp on that field as below:

    Regex Extract: ^(?<__mytime>[0-9\/]+\s[0-9:]+)
    Auto Timestamp: Source Field __mytime

Categories