Parsing custom date formats

By default, the syslog-ng aggregator uses the time when a message has been received on its input source as the timestamp. If you want to use the timestamp written in the message metadata, you can use a date-parser.

Available in Logging operator version 4.5 and later.

To use the timestamps written by the container runtime (cri or docker) and parsed by Fluent Bit, define the sourceDateParser in the syslog-ng spec.

kind: Logging
metadata:
  name: example
spec:
  syslogNG:
    sourceDateParser: {}

You can also define your own parser format and template. The following example shows the default values.

kind: Logging
metadata:
  name: example
spec:
  syslogNG:
    sourceDateParser:
      format: "%FT%T.%f%z"
      template: "${json.time}"

Last modified April 26, 2024: Merge pull request #240 from kube-logging/pepov-patch-1 (e4b8853)