The log looks like this:
2022/04/26 12:00:00 INFO foo bar stuff here
Other time formats also fail. Why?
Question
Why is Auto Timestamp failing to extract a timestamp?
The Auto Timestamp function tries to automatically figure out the time format. Part of that could be a timezone, which is often something like UTC, EDT or PST. All uppercase letters! So the INFO term immediately following the timestamp is mistakenly seen as a timezone, but then fails to parse because it isnt.
The work arounds:
- Remove or modify the log level
- Use the "Additional timestamps" area to explicitly declare your format
- Modify the existing timestamp to include an explicit timezone
- My preferred: Extract the text timestamp into a new field without the term following it, then run Auto Timestamp on that field as below:
Regex Extract: ^(?<__mytime>[0-9\/]+\s[0-9:]+)
Auto Timestamp: Source Field __mytime
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.