Hi folks, running into a strange issue here. Taking the following json:
{
@timestamp: 2018-08-29T13:07:10.508997+00:00
component: auth-proxy-
event: Health Call
eventdetails: Health check call is good : status 200
level: info
message: Health check ok
outcome: pass
step: healthCheck
}
The data comes in as a sourcetype of 'fluentd_json' and comes into my HF. I have tried the following as a props.conf:
[ fluentd_json ]
TIMESTAMP_FIELDS = @timestamp
as well as
[ fluentd_json ]
TIMESTAMP_FIELDS = @timestamp
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%N%Z
but it doesn't seem to work fully. I have tried to use that props on both my indexer cluster as well as my HF. Both restarted as well.
For some reason it omits the milliseconds
↧