Keep timestamp field

There are cases when we can lose the original timestamp field given from
logs, like when we send our logs to the next fluentd forwarder in a chain
of forwarders, it will rewrite our timestamp by default. Save the
`Timestamp` field explicitly to avoid such a situation and be able to
reconstruct the messages' date and time.

Closes-Bug: #1781046
Change-Id: I2b4486aedacbe16dc4c0fb2e4e4984bd80e59f2d
Stanislaw Bogatkin 2018-07-10 18:41:42 +03:00
parent 60af6b6501
commit 90b886e555

@ -51,6 +51,7 @@
format_firstline /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3} \d+ \S+ \S+ \[(req-\S+ \S+ \S+ \S+ \S+ \S+|-)\]/ format_firstline /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3} \d+ \S+ \S+ \[(req-\S+ \S+ \S+ \S+ \S+ \S+|-)\]/
format1 /^(?<Timestamp>\S+ \S+) (?<Pid>\d+) (?<log_level>\S+) (?<python_module>\S+) (\[(req-(?<request_id>\S+) (?<user_id>\S+) (?<tenant_id>\S+) (?<domain_id>\S+) (?<user_domain>\S+) (?<project_domain>\S+)|-)\])? (?<Payload>.*)?$/ format1 /^(?<Timestamp>\S+ \S+) (?<Pid>\d+) (?<log_level>\S+) (?<python_module>\S+) (\[(req-(?<request_id>\S+) (?<user_id>\S+) (?<tenant_id>\S+) (?<domain_id>\S+) (?<user_domain>\S+) (?<project_domain>\S+)|-)\])? (?<Payload>.*)?$/
time_key Timestamp time_key Timestamp
keep_time_key true
time_format %F %T.%L time_format %F %T.%L
ignore_repeated_permission_error true ignore_repeated_permission_error true
enable_watch_timer false enable_watch_timer false
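
Review bot: the `Timestamp` value preserved by `keep_time_key true` (added right after `time_key Timestamp`) is the raw string matched by `time_format %F %T.%L`, which carries no timezone offset, so any downstream forwarder or log store that reconstructs event time from this field has to assume the source host's timezone. Consider documenting that assumption next to the setting, or normalizing the field to include an offset before it is forwarded, so that event ordering stays reliable when logs from hosts in different zones are correlated for an incident timeline.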