while working with some syslog files I struggle pasing timestamps with Promtail with RFC3164 (example: “Jul 8 08:16:12”). I have already writen the captured string into a label, to make sure there isn’t an issue with my regex.
Could someone please provide me the necessary string for the timeformat?
In case it matters, I’m trying to parse our syslog messages and would like to make sure that the timestamp from the log gets used, not the timestamp the data gets parsed by promtail. Right now I work only on a static file with my test setup, so I can’t really work with the data if all have the same timestamp. Besides that, I would like to ensure, that I can also parse logs that where written but haven’t been submitted for whatever reason.
Happy weekend everyone.