Parsing custom date formats
By default, the syslog-ng aggregator timestamps each message with the time it was received on the input source. To use the timestamp written in the message metadata instead, use a date-parser.
Available in Logging operator version 4.5 and later.
To use the timestamps written by the container runtime (cri or docker) and parsed by Fluent Bit, define the sourceDateParser in the syslog-ng spec.
kind: Logging
metadata:
  name: example
spec:
  syslogNG:
    sourceDateParser: {}
You can also define your own parser format and template. The following example shows the default values.
kind: Logging
metadata:
  name: example
spec:
  syslogNG:
    sourceDateParser:
      format: "%FT%T.%f%z"
      template: "${json.time}"
Last modified January 15, 2026: Merge 5577547291e90495a90e1d6d0b91fa3572705954 into e6b6700e180c0d84b1f706e59d19f16be470081a (6c4670a)