Auto Timestamp function extracts time to a destination field given a source field in the event.
Filter: Filter expression (JS) that selects data to be fed through the function. Defaults to empty - all events will be evaluated.
Description: Simple description about this function. Defaults to empty.
Final: If true, stops data from being fed to the downstream functions. Defaults to
Source Field: Field to search for a timestamp. Defaults to
Destination Field: Field to place extracted timestamp in. Defaults to
_time. Nested addressing supported.
Default Timezone: Timezone to parse timestamps lacking timezone info. Defaults to
time. Defaults to
time.getTime() / 1000.
Max Timestamp Scan Depth: Maximum string length where to look for a timestamp.
Additional Timestamps: Add Regex/Strptime pairs to extract additional timestamp formats.
- Regex: Regex with first capturing group matching the timestamp.
- Strptime Format: Timestamp in strptime format.