Keep timestamp field
There are cases when we can lost original timestamp field given from logs, like when we send our logs to the next fluentd forwarder in chain of forwarders, it will rewrite our timestamp by default. Save `Timestamp` field explicitly to avoid such situation and be able to reconstruct messages date and time. Closes-Bug: #1781046 Change-Id: I2b4486aedacbe16dc4c0fb2e4e4984bd80e59f2d
This commit is contained in:
parent
60af6b6501
commit
90b886e555
@ -51,6 +51,7 @@
|
|||||||
format_firstline /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3} \d+ \S+ \S+ \[(req-\S+ \S+ \S+ \S+ \S+ \S+|-)\]/
|
format_firstline /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3} \d+ \S+ \S+ \[(req-\S+ \S+ \S+ \S+ \S+ \S+|-)\]/
|
||||||
format1 /^(?<Timestamp>\S+ \S+) (?<Pid>\d+) (?<log_level>\S+) (?<python_module>\S+) (\[(req-(?<request_id>\S+) (?<user_id>\S+) (?<tenant_id>\S+) (?<domain_id>\S+) (?<user_domain>\S+) (?<project_domain>\S+)|-)\])? (?<Payload>.*)?$/
|
format1 /^(?<Timestamp>\S+ \S+) (?<Pid>\d+) (?<log_level>\S+) (?<python_module>\S+) (\[(req-(?<request_id>\S+) (?<user_id>\S+) (?<tenant_id>\S+) (?<domain_id>\S+) (?<user_domain>\S+) (?<project_domain>\S+)|-)\])? (?<Payload>.*)?$/
|
||||||
time_key Timestamp
|
time_key Timestamp
|
||||||
|
keep_time_key true
|
||||||
time_format %F %T.%L
|
time_format %F %T.%L
|
||||||
ignore_repeated_permission_error true
|
ignore_repeated_permission_error true
|
||||||
enable_watch_timer false
|
enable_watch_timer false
|
||||||
|
Loading…
Reference in New Issue
Block a user