Getting started with Cribl LogStream

Auto Timestamp


The Auto Timestamp function extracts time to a destination field given a source field in the event.


Filter: Filter expression (JS) that selects data to be fed through the function. Defaults to empty - all events will be evaluated.
Description: Simple description about this function. Defaults to empty.
Final: If true, stops data from being fed to the downstream functions. Defaults to No.

Source Field: Field to search for a timestamp. Defaults to _raw.
Destination Field: Field to place extracted timestamp in. Defaults to _time. Nested addressing supported.
Default Timezone: Timezone to parse timestamps lacking timezone info. Defaults to Local.

Advanced Settings

Time Expression: Expression to use to format extracted time. Current time, as a Javascript Date object, is in global time. Defaults to time.getTime() / 1000.
Max Timestamp Scan Depth: Maximum string length where to look for a timestamp.

Additional Timestamps: Add Regex/Strptime pairs to extract additional timestamp formats.

  • Regex: Regex with first capturing group matching the timestamp.
  • Strptime Format: Timestamp in strptime format.

Auto Timestamp

