Vector: `splunk_hec` drops timestamp precision

Created on 19 Apr 2020  路  2Comments  路  Source: timberio/vector

https://github.com/timberio/vector/blob/master/src/sinks/splunk_hec.rs#L122-L124:

        let timestamp = if let Some(Value::Timestamp(ts)) =
            event.remove(&event::log_schema().timestamp_key())
        {
            ts.timestamp()
        } else {
            chrono::Utc::now().timestamp()
        };

timestamp() returns a second-precision i64 whereas Splunk will accept nanosecond-precision Unix timestamp. As a result of this call timestamp precision is reduced to second.

must splunk_hec bug
Source
picture lewisthompson

Most helpful comment

Thanks @lewisthompson, we'll prioritize this and get it fixed this week.

picture binarylogic on 20 Apr 2020
2

All 2 comments

@LucioFranco it looks like you wrote this line. Do you have any context on why you chose second precision? And do you know if this is a problem across other sinks?

binarylogic picture binarylogic on 20 Apr 2020

Thanks @lewisthompson, we'll prioritize this and get it fixed this week.

binarylogic picture binarylogic on 20 Apr 2020
2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

LucioFranco picture LucioFranco  路  3Comments
a-rodin picture a-rodin  路  3Comments
binarylogic picture binarylogic  路  4Comments
jhgg picture jhgg  路  4Comments
raghu999 picture raghu999  路  3Comments