I’m building centralised logging for a number of web-service type applications, all with custom log outputs, and I cannot get a timestamp to appear in the Chronograf Log Viewer Timestamp column, despite each data point having the correct timestamp. Broadly speaking, the flow is as follows:
inputs.tail (grok pattern) --> processors (move tags/fields, lowercase severity etc) --> outputs.influxdb & stdout
Tail Grok pattern extracts all the relevant fields into syslog expected fields/tags, and sets the timestamp for the data point, but I cannot find a way to get a timestamp field as an integer into the output, as that is the field Chronograf uses in the log viewer. Instead all my events are at 01/01/1970 00:00, but show correctly on the aggregated severity/time graph.
I’ve tried processors.date to re-insert the data point timestamp back in as a tag, then move to a field; however, there does not appear to be a way to get it to output the integer time that the Log Viewer is expecting, only string formats.
Is there something I am missing or does anyone have any ideas?