Cribl - Docs

Auto Timestamp Function

Description


The Auto Timestamp function extracts a timestamp from a source field in the event and writes it to a destination field.

Usage


Filter: Filter expression (JS) that selects data to be fed through the function. Defaults to empty, in which case all events are evaluated.

Description: Simple description of this function. Defaults to empty.

Final: If true, stops data from being fed to the downstream functions. Defaults to No.

Source Field: Field to search for a timestamp. Defaults to _raw.

Destination Field: Field to place extracted timestamp in. Defaults to _time.

Default Timezone: Timezone to assume when parsing timestamps that lack timezone info. Defaults to Local.

Advanced Settings


Time Expression: Expression to use to format the extracted time. The current time, as a JavaScript Date object, is available in the global variable time. Defaults to time.getTime() / 1000.

Max Timestamp Lookahead: Maximum string length within which to look for a timestamp.

Additional Timestamps: Add Regex/Strptime pairs to extract additional timestamp formats.

  • Regex: Regex with group one matching the timestamp.

  • Strptime Format: Timestamp in strptime format.
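
How the settings above fit together, as an added JavaScript illustration (not Cribl's implementation): a Regex/Strptime pair is applied within the lookahead window, and the Time Expression result is written to the destination field. The function names, the 150-character lookahead, the UTC default timezone, the reduced strptime subset and the sample event are assumptions made for this example.

```javascript
// Added illustration; not Cribl's code. All names here are hypothetical.
// Minimal strptime subset: %Y %m %d %H %M %S only.
const DIRECTIVES = { Y: 'year', m: 'month', d: 'day', H: 'hour', M: 'minute', S: 'second' };

function strptimeUtc(text, format) {
  const fields = [];
  // Turn the strptime format into a regex, escaping literal regex characters.
  const pattern = format.replace(/%([A-Za-z])|([.*+?^${}()|[\]\\\/])/g, (m, dir, lit) => {
    if (lit) return '\\' + lit;
    if (!DIRECTIVES[dir]) throw new Error('unsupported directive %' + dir);
    fields.push(DIRECTIVES[dir]);
    return dir === 'Y' ? '(\\d{4})' : '(\\d{2})';
  });
  const match = new RegExp('^' + pattern + '$').exec(text);
  if (!match) return null;
  const t = { year: 1970, month: 1, day: 1, hour: 0, minute: 0, second: 0 };
  fields.forEach((name, i) => { t[name] = Number(match[i + 1]); });
  // The text carries no timezone info, so the default timezone applies
  // (assumed to be UTC here so the result is the same on every machine).
  return new Date(Date.UTC(t.year, t.month - 1, t.day, t.hour, t.minute, t.second));
}

function autoTimestamp(event, opts) {
  // timeExpression models the Time Expression setting as a function of `time`.
  const { srcField = '_raw', dstField = '_time', maxLookahead = 150,
          timestamps, timeExpression = (time) => time.getTime() / 1000 } = opts;
  // Only the first maxLookahead characters of the source field are searched.
  const haystack = String(event[srcField] ?? '').slice(0, maxLookahead);
  for (const { regex, strptime } of timestamps) {
    const m = regex.exec(haystack);
    if (!m || m[1] === undefined) continue; // group one must hold the timestamp
    const time = strptimeUtc(m[1], strptime);
    if (time === null) continue;            // regex matched, format did not
    return { ...event, [dstField]: timeExpression(time) };
  }
  return event; // no timestamp found: the event is returned unchanged
}

// Constructed sample event and Regex/Strptime pair.
const PAIRS = [{ regex: /ts=(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})/, strptime: '%Y-%m-%d %H:%M:%S' }];
const SAMPLE = { _raw: 'host=web01 ts=2020-01-02 03:04:05 action=login user=alice' };
console.log(autoTimestamp(SAMPLE, { timestamps: PAIRS }));
```

With a lookahead shorter than the position of the timestamp, the same event comes back without a destination field, which is the case to check for when events arrive with unexpected or missing times downstream.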