eventTime is mostly empty for event logs

resmoio / kubernetes-event-exporter

Export Kubernetes events to multiple destinations with routing and filtering

Apache License 2.0

769 stars 154 forks source link

eventTime is mostly empty for event logs #62

Open allahshukur-ahmadzada opened 1 year ago

allahshukur-ahmadzada commented 1 year ago

why most of the event logs comes with empty eventTime field? it is a bug?

allahshukur-ahmadzada commented 1 year ago

I was looking to use eventTime as timestamp for opensearch index pattern but its being null for majority of events makes it useless

cristifalcas commented 7 months ago

same problem for me

madddi commented 3 weeks ago

I worked around this issue using an ingest pipeline that looks like this:

{
  "processors": [
    {
      "set": {
        "field": "@timestamp",
        "value": "{{eventTime}}",
        "if": "ctx.eventTime != null"
      }
    },
    {
      "set": {
        "field": "@timestamp",
        "value": "{{firstTimestamp}}",
        "if": "ctx.firstTimestamp != null"
      }
    }
  ]
}

It's not perfect, but at least I can use the Discover view now...