Zabbix logfile monitoring: how to get timestamp from log message

Shadasviar

7/20/23, 4:20 PM

I have some rotated log files in csv format, which contains numeric data and timestamp of the event, and I need to plot this data with milliseconds precision.

I try to use zabbix log file monitoring function for this purpose, but zabbix inserts time of getting log from zabbix agent instead of real event time. In the Log item type, there is Log time format field, which allow to parse timestamp of event from log message, but there is no such field in numeric data type.

Is it possible to get event time from log message using zabbix log file monitoring?

234

0 + 0

zabbix

zabbix-agent

Score:1

Server

Roman Spiak

9/7/23, 11:36 PM

Is it possible to get event time from log message using zabbix log file monitoring?

yes

please follow https://www.zabbix.com/documentation/6.0/en/manual/config/items/itemtypes/log_items?hl=logrt%5B%5D%2Clogrt.count%5B%5D

The correct definition of Log time format argument should provide you with way to populate the time.

Quoting the official docs:

In this field you may optionally specify the pattern for parsing the log line timestamp. If left blank the timestamp will not be parsed. Supported placeholders:

y: Year (0001-9999)
M: Month (01-12)
d: Day (01-31)
h: Hour (00-23)
m: Minute (00-59)
s: Second (00-59) For example, consider the following line from the Zabbix agent log file: " 23480:20100328:154718.045 Zabbix agent started. Zabbix 1.8.2 (revision 11211)." It begins with six character positions for PID, followed by date, time, and the rest of the line. Log time format for this line would be "pppppp:yyyyMMdd:hhmmss". Note that "p" and ":" chars are just placeholders and can be anything but "yMdhms".

0 + 0

Shadasviar

9/10/23, 11:31 AM

But such field as `Log time format` is available only for log item type. Is it possible to get timestamp for item of numeric type? In documentation I found that timestamp only supported for textual log items, and only way to use custom timestamp in the numeric items is using zabbix trapper instead of logfile monitoring.

Roman Spiak

9/12/23, 4:12 PM

timestamp in numeric item type is supported via zabbix by specifying unit as "unixtime" - however timestamp then needs to be in EPOCH time. Docs: https://www.zabbix.com/documentation/current/en/manual/config/items/item section Units.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Zabbix logfile monitoring: how to get timestamp from log message

TH: การตรวจสอบไฟล์บันทึก Zabbix: วิธีรับการประทับเวลาจากข้อความบันทึก

RO: Monitorizarea fișierului jurnal Zabbix: cum să obțineți marcajul de timp din mesajul de jurnal

RU: Мониторинг файла журнала Zabbix: как получить метку времени из сообщения журнала

VI: Giám sát tệp nhật ký Zabbix: cách lấy dấu thời gian từ thông báo tường trình

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.