Cribl - Docs

Getting started with Cribl LogStream

Questions? We'd love to help you! Meet us in #cribl (sign up)

    Guides

Auto Timestamp

Description


The Auto Timestamp function extracts time to a destination field given a source field in the event.

Usage


Filter: Filter expression (JS) that selects data to be fed through the function. Defaults to empty - all events will be evaluated.
Description: Simple description about this function. Defaults to empty.
Final: If true, stops data from being fed to the downstream functions. Defaults to No.

Source Field: Field to search for a timestamp. Defaults to _raw.
Destination Field: Field to place extracted timestamp in. Defaults to _time. Nested addressing supported.
Default Timezone: Timezone to parse timestamps lacking timezone info. Defaults to Local.

Advanced Settings


Time Expression: Expression to use to format extracted time. Current time, as a Javascript Date object, is in global time. Defaults to time.getTime() / 1000.
Max Timestamp Scan Depth: Maximum string length where to look for a timestamp.

Additional Timestamps: Add Regex/Strptime pairs to extract additional timestamp formats.

  • Regex: Regex with first capturing group matching the timestamp.
  • Strptime Format: Timestamp in strptime format.

Auto Timestamp


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.