• Home
  • How to use Dynatrace
  • Log Management and Analytics
  • Log ingestion via OneAgent
  • Supported timestamp formats

Supported timestamp formats

powered by Grail

Timestamp—including date, time, timezone, and offset—is searched for in the first 64 characters of the log content (this value is configurable via Settings > Log Monitoring > OneAgent > Timestamp search limit). If an offset or timezone is not found in the first 64 characters, the local timezone of a host is used.

During log processing, each line where a supported timestamp is detected starts a new log record. A line without a timestamp is considered to be a continuation of an existing log record and appended to a line that contains a timestamp.
If no timestamp is present in a log file or a timestamp is not recognized due to unsupported format, each line not starting with whitespace characters, such as space or tab, is treated as a log record continuation. Each line starting with whitespace characters, such as space or tab, is appended in turn.

The supported timestamp formats include:

  • ISO 8601 format: %Y-%m-%d %H:%M:%S
    Example: 2022-04-17 11:25:12.345

  • RFC 3339 format: %Y-%m-%dT%H:%M:%S
    Example: 2022-04-17T11:25:12.345

  • Unix Epoch format, providing the number of milliseconds that have elapsed since January 1, 1970 Example: 1652088888997

  • RFC 3164 format: %b %d %H:%M:%S
    Example: Apr 17 11:25:12

  • Db2 (IBM database 2) format: %Y-%m-%d-%H.%M.%S
    Example: 2022-05-17-11.25.12.114000-300

  • IIS format: %m/%d/%Y, %H:%M:%S
    Example: 04/17/2022, 11:25:12.345

  • W3C (World Wide Web Consortium) format: %Y-%m-%d %H:%M:%S
    Example: 2022-04-17 11:25:12.345 specified in the UTC timezone

  • Klog and Golang/glog format: [IWEF]%m%d %H:%M:%S Example: I0408 06:40:02.634162

  • Other common formats:

    • %d %b %Y %H:%M:%S (example: 17 Apr 2022 11:25:12.345)
    • %Y %b %d %H:%M:%S (example: 2022 Apr 17 11:25:12.345)
    • %d/%b/%Y:%H:%M:%S (example: 17/Apr/2022:11:25:12.345)

JSON files are supported for Docker only. If the log tag is detected in a JSON file, then the corresponding message is ingested and analyzed. Within the message, the timestamp of one of the supported formats is searched. If no supported file format is found, the time tag is searched. For example:

json
{
   "log":"2020-11-24 11:01:36,484 CRIT Supervisor running as root (no user in config file)\n",
   "stream":"stdout",
   "time":"2020-11-24T11:01:36.484996713Z"
}
{
   "log":"2020-11-24 11:01:36,500 INFO RPC interface 'supervisor' initialized\n",
   "stream":"stdout",
   "time":"2020-11-24T11:01:36.50065223Z"
}
Related topics
  • Timestamp configuration

    Define a specific date format using timestamp rules that specify what should be considered a timestamp in a log record.