Highlighted
Super Contributor.. klr01 Super Contributor..
Super Contributor..
890 views

FlexConnector timestamp format to process exported Windows Event Log timestamp

Jump to solution

I have a need to configure a FlexConnector (multiple folder file) to process exported Windows Event Logs instead of using the Windows Event Log SmartConnector(s) that are available. I am having an issue trying to figure out what timestamp format I need to use in the .sdkfilereader.properties file to process the timestamp Windows Event Log uses (i.e. 2015-11-03T09:45:54.2609318Z). Has anyone done this before successfully?

Thank you!

Labels (2)
0 Likes
1 Solution

Accepted Solutions
Super Contributor.. klr01 Super Contributor..
Super Contributor..

Re: FlexConnecor timestamp format to process exported Windows Event Log timestamp

Jump to solution

I found a solution thanks to this prior post: https://protect724.hp.com/message/40408#40408

The Windows event log timestamp is in ISO format. I had to first read in the time as a String and then convert it.

token[0].name=TimeStamp_UTC

token[0].type=String

event.deviceReceiptTime=__createOptionalTimeStampFromString(TimeStamp_UTC,"YYYY-MM-DDThh:mm:ss.SSSX")

Thank you again, Shaun Watson, leading me down the right path

0 Likes
4 Replies
Acclaimed Contributor.. Shaun Acclaimed Contributor..
Acclaimed Contributor..

Re: FlexConnecor timestamp format to process exported Windows Event Log timestamp

Jump to solution

Try: yyyy-MM-dd'T'HH:mm:ss.SSSSSSS'Z'

0 Likes
Super Contributor.. klr01 Super Contributor..
Super Contributor..

Re: FlexConnecor timestamp format to process exported Windows Event Log timestamp

Jump to solution

Thanks Shaun! I tried it and it's got the right date but the wrong time. However, this is much better than before I tried your suggestion. The FlexConnector wouldn't read what I tried before at all. As an example: an event log timestamp of "2015-11-03T09:45:54.2609318Z" (where I think the "Z" represents UTC) is being interpreted as 11/3/15 10:29:23 UTC.

0 Likes
Super Contributor.. klr01 Super Contributor..
Super Contributor..

Re: FlexConnecor timestamp format to process exported Windows Event Log timestamp

Jump to solution

Does anyone know if the portion of the Windows Event Log timestamp after the period is truly in milliseconds? It seems to me it must not be. When using the TimeStamp format of yyyy-MM-dd'T'HH:mm:ss.SSSSSSS'Z' that Shaun kindly suggested above, a date in my log of "2015-11-03T09:45:54.2609318Z" is being interpreted as 11/3/15 10:29:23 UTC in my ESM.

Any thoughts/feedback would be much appreciated. Thank you!

0 Likes
Super Contributor.. klr01 Super Contributor..
Super Contributor..

Re: FlexConnecor timestamp format to process exported Windows Event Log timestamp

Jump to solution

I found a solution thanks to this prior post: https://protect724.hp.com/message/40408#40408

The Windows event log timestamp is in ISO format. I had to first read in the time as a String and then convert it.

token[0].name=TimeStamp_UTC

token[0].type=String

event.deviceReceiptTime=__createOptionalTimeStampFromString(TimeStamp_UTC,"YYYY-MM-DDThh:mm:ss.SSSX")

Thank you again, Shaun Watson, leading me down the right path

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.