Specifying timeframe

[ghost]

I'm ingesting this log line:

[2021-09-06 10:00:00 AEST] INFO This is my first log line...

I have the following specified in td-agent.conf:

<source>
  @type tail
  path C:/path/to/your/log/file.log
  pos_file C:/path/to/your/log/file.log.pos
  tag first.*
  <parse>
    @type regexp
      expression /^\[(?<time>[^\]]+)\] (?<loglevel>[^\s]+) (?<payload>.+)$/
  </parse>
</source>

<match first.**>
  @type              dynatrace
  active_gate_url    https://ACTIVEGATE_IP:9999/e/DT_TENANT_ID/api/v2/logs/ingest
  api_token          ***
  ssl_verify_none    true
</match>

I can see the log entries in Dynatrace but the timestamp is always the current time and doesn't reflect the time parameter.

Is there a way to configure this?

[dyladan]

Hello @Dynatrace-Adam-Gardner. I would suggest you use a filter record_transformer to insert the timestamp into the content. We are looking at ways to make this more seamless in the future.

<source>
  @type tail
  path C:/path/to/your/log/file.log
  pos_file C:/path/to/your/log/file.log.pos
  tag first.*
  <parse>
    @type regexp
      expression /^\[(?<time>[^\]]+)\] (?<loglevel>[^\s]+) (?<payload>.+)$/
  </parse>
</source>

<filter first.**>
  @type record_transformer
  <record>
    timestamp ${time}
  </record>
</filter>

<match first.**>
  @type              dynatrace
  active_gate_url    https://ACTIVEGATE_IP:9999/e/DT_TENANT_ID/api/v2/logs/ingest
  api_token          ***
  ssl_verify_none    true
</match>

edit: a previously suggested solution won't work since the time stamp would be in the incorrect format

[dyladan]

Hope this workaround helped. Feel free to reopen this issue if not.

[dyladan]

With the 0.1.6 release you can now set the inject_timestamp configuration true to get the timestamp injected into the log message in a format that can be recognized by Dynatrace.