Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: Logging 6.4.z
Affects Version/s: Logging 6.4.z
Component/s: Log Collection
Labels:
- devel_ack+

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Docs QE Status:
NEW
QE Status:
NEW
Release Note Type:
Bug Fix
Intelligence Requested:
Market:

Severity:
Low

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Description of problem:

~~LOG-7609~~ proposed to add a feature to extract the timestamp from logs at the point of ingestion. Investigation of the sink determined this to be problematic because it only evaluates the first N bytes of the message and it may not be consistent if they payload has more then one timestamp value (i.e. message is Viaq json). Additional inspection of ViaQ normalization found that timestamp is extracted from the log event for all sources with the exception of kube and openshift API audit logs.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

is related to

LOG-7609 Allow configuration of splunk to auto extract the timestamp

Closed

LOG-7612 Add auto extract timestamp to Splunk tuning

Closed

relates to

OBSDA-1185 Feature to enable "auto_extract_timestamp=true" from Red hat logging operator to splunk

In Progress

links to

Slack Discussion

Assignee:: Unassigned

Reporter:: Jeffrey Cantrill

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 2025/10/15 2:03 PM

Updated:: 2025/10/15 2:11 PM

Details

Description

Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates