Timestamp in Metron is always a Unix epoch to avoid things like timezone issues.
In this case, you can resolve this using a field transformation at the parsing
stage, with the TO_EPOCH_TIMESTAMP function. Some custom parsers already do
this, but for those that don’t, a simple bit of Stellar

Hello everybody,
Don't worry, I won't ask you to debug my Grok statement :)
By the way, I'm facing the following situation: I have in my "error_index"
Elastic index some documents with a raw_message field that shows that the
origin message was parsed (see screenshot) and contains in addition