Vector: journald source: timestamp not appended?

Created on 29 Apr 2020 · 5Comments · Source: timberio/vector

I defined the configuration:

[sources.journald]
  type = "journald"
  current_boot_only = true # optional, default true
  units = ["bas-deploy"] # optional, default [] => all units
  batch_size = 16 # optional, default 16
  journalctl_path = "journalctl" # optional, default journalctl

[sinks.stdout]
  type = "console"
  inputs = ["journald"]
  target = "stdout" # enum: "stdout" or "stderr"
  encoding = "json" # no default, enum: "json" or "text"

[sinks.stdouttext]
  type = "console"
  inputs = ["journald"]
  target = "stdout"
  encoding = "text"

Here is the output:

$ journalctl -efau vector
Apr 29 09:45:12 33d7f7c7-afd0-4a7f-98da-45940801909f vector[2424]: {"PRIORITY":"6","SYSLOG_FACILITY":"3","SYSLOG_IDENTIFIER":"deploy-node.sh","_BOOT_ID":"aebb65607da94edf925a8ae50e53d700","_CAP_EFFECTIVE":"0","_CMDLINE":"node app.js","_COMM":"node","_EXE":"/home/bas/.nvm/versions/node/v12.16.1/bin/node","_GID":"1000","_MACHINE_ID":"33d7f7c7afd04a7f98da45940801909f","_PID":"2064","_STREAM_ID":"ca7319ccd87a4fb6946acb795a178b93","_SYSTEMD_CGROUP":"/system.slice/bas-deploy.service","_SYSTEMD_INVOCATION_ID":"737ac037ffdc413b83bbbb8d3ca577e7","_SYSTEMD_SLICE":"system.slice","_SYSTEMD_UNIT":"bas-deploy.service","_TRANSPORT":"stdout","_UID":"1000","__MONOTONIC_TIMESTAMP":"8717724471","__REALTIME_TIMESTAMP":"1588153512011187","host":"33d7f7c7-afd0-4a7f-98da-45940801909f","message":"2020-04-29T09:45:12.011Z","source_type":"journald"}
Apr 29 09:45:12 33d7f7c7-afd0-4a7f-98da-45940801909f vector[2424]: 2020-04-29T09:45:12.011Z
Apr 29 09:45:13 33d7f7c7-afd0-4a7f-98da-45940801909f vector[2424]: {"PRIORITY":"6","SYSLOG_FACILITY":"3","SYSLOG_IDENTIFIER":"deploy-node.sh","_BOOT_ID":"aebb65607da94edf925a8ae50e53d700","_CAP_EFFECTIVE":"0","_CMDLINE":"node app.js","_COMM":"node","_EXE":"/home/bas/.nvm/versions/node/v12.16.1/bin/node","_GID":"1000","_MACHINE_ID":"33d7f7c7afd04a7f98da45940801909f","_PID":"2064","_STREAM_ID":"ca7319ccd87a4fb6946acb795a178b93","_SYSTEMD_CGROUP":"/system.slice/bas-deploy.service","_SYSTEMD_INVOCATION_ID":"737ac037ffdc413b83bbbb8d3ca577e7","_SYSTEMD_SLICE":"system.slice","_SYSTEMD_UNIT":"bas-deploy.service","_TRANSPORT":"stdout","_UID":"1000","__MONOTONIC_TIMESTAMP":"8718725710","__REALTIME_TIMESTAMP":"1588153513012425","host":"33d7f7c7-afd0-4a7f-98da-45940801909f","message":"2020-04-29T09:45:13.012Z","source_type":"journald"}
Apr 29 09:45:13 33d7f7c7-afd0-4a7f-98da-45940801909f vector[2424]: 2020-04-29T09:45:13.012Z

I don't understand why the supposed timestamp field (human readable, probably an iso or rfc) computed from __REALTIME_TIMESTAMP is not appended. Maybe I'm missing something?

journald bug help

Source