Cloudflare Logpush integration does not support the correct available timestamp formats to match the output format options from the source

@timestamp

Related GitHub issues and PR:

Issue: The @timestamp field for docs ingested from Logpush to Elasticsearch is pulled from EdgeStartTimestamp and the pipeline processor is defined to accept any of the following formats:

integrations/packages/cloudflare_logpush/data_stream/http_request/elasticsearch/ingest_pipeline/default.yml

Lines 40 to 59 in 35f9966

     - set:  
   if: ctx.json?.EdgeStartTimestamp != null  
   field: '@timestamp'  
   copy_from: json.EdgeStartTimestamp  
   - date:  
   field: json.EdgeEndTimestamp  
   if: ctx.json?.EdgeEndTimestamp != null && ctx.json.EdgeEndTimestamp != ''  
   formats:  
   - ISO8601  
   - uuuu-MM-dd'T'HH:mm:ssX  
   - uuuu-MM-dd'T'HH:mm:ss.SSSX  
   - yyyy-MM-dd'T'HH:mm:ssZ  
   - yyyy-MM-dd'T'HH:mm:ss.SSSZ  
   - UNIX_MS  
   timezone: UTC  
   target_field: cloudflare_logpush.http_request.edge.end_time  
   on_failure:  
   - append:  
   field: error.message  
   value: '{{{_ingest.on_failure_message}}}'  
 

However, per the Logpull documentation, the available formats that can be configured are as follows:

timestamp_format: string to specify format for timestamps, such as unixnano, unix, or rfc3339. Default unixnano.

As a result, if the data comes through as UNIX for example (seconds from 1970) it would be interpreted as a UNIX_MS timestamp (milliseconds from 1970) resulting in a completely inaccurate timestamp.

Possible workarounds may include:

Refactoring the Elasticsearch pipeline processor to use the given format.
Reconfiguring the log output options in Cloudflare to accommodate the values are accepted by the pipeline (not recommended).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Cloudflare Logpush integration does not support the correct available timestamp formats to match the output format options from the source #7762

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	- set:
	if: ctx.json?.EdgeStartTimestamp != null
	field: '@timestamp'
	copy_from: json.EdgeStartTimestamp
	- date:
	field: json.EdgeEndTimestamp
	if: ctx.json?.EdgeEndTimestamp != null && ctx.json.EdgeEndTimestamp != ''
	formats:
	- ISO8601
	- uuuu-MM-dd'T'HH:mm:ssX
	- uuuu-MM-dd'T'HH:mm:ss.SSSX
	- yyyy-MM-dd'T'HH:mm:ssZ
	- yyyy-MM-dd'T'HH:mm:ss.SSSZ
	- UNIX_MS
	timezone: UTC
	target_field: cloudflare_logpush.http_request.edge.end_time
	on_failure:
	- append:
	field: error.message
	value: '{{{_ingest.on_failure_message}}}'

Cloudflare Logpush integration does not support the correct available timestamp formats to match the output format options from the source #7762

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions