search

cloudfoundry-community / splunk-firehose-nozzle

Send CF component metrics, CF app logs, and CF app metrics to Splunk
Apache License 2.0
29 stars 29 forks source link

Nanoseconds in timestamp #316

Closed kashyap-splunk closed 2 years ago

kashyap-splunk commented 2 years ago

This is to fix an issue, where events with micro/nano second timestamps were not sorted properly due to timestamps getting truncated up to milliseconds.

luckyj5 commented 2 years ago

@kashyap-splunk Does HEC support nano second yet?

kashyap-splunk commented 2 years ago

Yes @luckyj5 . I was not sure as I could not find the explicit info in docs. But I tried and I was able to get nanoseconds in the events. An example from recent events:

75066550-31DC-4877-A092-28241FF23AF4_1_105_c

luckyj5 commented 2 years ago

Yes @luckyj5 . I was not sure as I could not find the explicit info in docs. But I tried and I was able to get nanoseconds in the events. An example from recent events:

75066550-31DC-4877-A092-28241FF23AF4_1_105_c

@kashyap-splunk Does users have option to control it if they aren't looking for nano second precision?

kashyap-splunk commented 2 years ago

No, it will be nanosecond precision always if this change is done. It can be made configurable via an additional config param if this seems to potentially cause any issues.

luckyj5 commented 2 years ago

@kashyap-splunk is this in scope and waiting on approval?

luckyj5 commented 2 years ago

Approving this PR as its reviewed and approved by @aryznar-splunk internally. A documentation update (breaking change) would be good to add here. Thanks!