Dear team,
Thanks for the Add-on, it works great.
I just have plenty of this timestamp issue :
01-12-2020 22:45:55.239 +0000 WARN DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (500) characters of event. Defaulting to timestamp of previous event (Sun Jan 12 22:40:00 2020). Context: source=dynatrace_timeseries_metrics://Dynatrace_Timeseries_Metrics|host=heavy-forwarder|dynatrace:metrics|
I believe it is due to this message in sourcetype dynatrace:metrics which has no timestamp :
{"dynatrace_server":"https://rioxxxxx.live.dynatrace.com"}
Would you know if there is a way to get rid of it ?
I mean I can send to nullqueue but I would still got all these timestamp issues I am trying to clean up.
Thanks anyhow
props.conf:
[dynatrace:metrics]
SEDCMD-delete_dynatraceserver = s/^\{\"dynatrace_server.+$//
If you can erase it, there is this method.
Thanks for suggestion @to4kawa !
Anyhow I am trying to get rid of timestamp issues, and as sedcmd is applied after timestamp assignment I believe I would still get timestamp issues logged just as using transforms nullqueue.
Do you just give up extracting from logs?