Date/time fields
Handling dates and times (timestamps) is crucial when parsing events.
For events to be displayed in the LogMan.io application, they must contain the @timestamp field with a valid datetime and timezone.
Datetime fields, in accordance with ECS:
| Field | Meaning | 
|---|---|
| @timestamp | The time when the original event occurred. Must be included in declarations. | 
| event.created | The time when the original event was collected by LogMan.io Collector. | 
| event.ingested | The time when the original event was received by LogMan.io Receiver. | 
Under normal conditions, assuming no tampering, the timestamp values should be chronological: @timestamp < event.created < event.ingested.
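The ordering rule above can be checked mechanically on parsed events. The following is an added example, not LogMan.io code: it assumes events are flat dicts with dotted ECS keys holding ISO 8601 strings, and the sample events are constructed.

```python
from datetime import datetime

# ECS datetime fields in the chronological order given on this page.
ORDERED_FIELDS = ("@timestamp", "event.created", "event.ingested")


def parse_aware(value):
    """Parse an ISO 8601 string; None if unparsable or lacking a timezone."""
    try:
        dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, TypeError, ValueError):
        return None
    return dt if dt.utcoffset() is not None else None


def check_event(event):
    """Return findings for one flat event dict; an empty list means it passed."""
    findings, parsed = [], {}
    for field in ORDERED_FIELDS:
        if field not in event:
            if field == "@timestamp":  # the only field the page makes mandatory
                findings.append("missing @timestamp")
            continue
        dt = parse_aware(event[field])
        if dt is None:
            findings.append(f"{field}: invalid datetime or no timezone")
        else:
            parsed[field] = dt
    # Timezone-aware datetimes compare correctly across different UTC offsets.
    present = [f for f in ORDERED_FIELDS if f in parsed]
    for earlier, later in zip(present, present[1:]):
        if not parsed[earlier] < parsed[later]:
            findings.append(f"{earlier} is not before {later}")
    return findings


# Constructed sample events (assumed flat dicts with dotted keys).
COLLECTED = {"event.created": "2024-03-01T09:00:02Z",
             "event.ingested": "2024-03-01T09:00:03Z"}
SAMPLES = {
    "ok": {"@timestamp": "2024-03-01T10:00:00+01:00", **COLLECTED},
    "no_timezone": {"@timestamp": "2024-03-01 09:00:00", **COLLECTED},
    "out_of_order": {"@timestamp": "2024-03-01T09:05:00Z", **COLLECTED},
    "missing": dict(COLLECTED),
}

if __name__ == "__main__":
    for name, event in SAMPLES.items():
        print(name, check_event(event))
```

A finding on the ordering check usually traces back to a wrong timezone in the parser, clock drift on the source, or a modified event, so it is worth reviewing before trusting the event's place in a timeline.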
Useful links and tools
- UNIX time converter
- SP-Lang date/time format: this is the output format of all parsed timestamps produced by the Parsec.