GELF timestamp field missing millisecond precision | Log Collection Solutions

Post a different question

6
responses

coffee-squirrel's picture

coffee-squirrel

We have nxlog CE pushing to a GELF TCP input in Graylog, and the timestamp field received from nxlog appears to not have the milliseconds (i.e. it ends in ".000"), resulting in out-of-order messages in Graylog within a 1-second window. Other sources (Graylog Collectors, apps pushing directly, etc.) include the original millisecond value as expected. For Graylog inputs receiving nxlog messages we've had to set up an extractor to extract the timestamp from the message itself. Are there any options to keep millisecond precision with nxlog?

GELF,

AskedAugust 3, 2016 - 8:40pm

Answer (1)

adm's picture

adm

The GELF specification had this:

timestamp: UNIX microsecond timestamp (decimal); SHOULD be set by client library.

It looks like it's now changed to the following in the latest spec:

timestamp: Seconds since UNIX epoch with optional decimal places for milliseconds;

The code for xm_gelf needs to be modified in order to enable this.

AnsweredAugust 3, 2016 - 8:49pm

Leave a comment

Comments (5)

rochbu
Leave a comment
Has this been implemented?

November 28, 2016 - 5:12pm

alexjck
Leave a comment
What is the status for this?

November 13, 2017 - 8:01pm

b0ti (NXLog)
Leave a comment
This has been fixed in the Enterprise Edition some time ago.

November 14, 2017 - 11:31am

jothoma1
Leave a comment
Hello, we have this problem using nxlog CE any news of having it the community edition ? Thanks a lot for your great work Johan

December 4, 2017 - 4:21pm

mlachal
Leave a comment
Hello, do you know when it will be ported to the CE ?

August 30, 2018 - 2:07pm