timestamp #849
-
|
Hello, I am writing a custom format to handle pfSense logs, which is going ok. Writing an SQL query to include the timestamp, lnav complains that there is "no such column", while the "Known message fields" display above is showing a "timestamp" field ? (pic attached)
Snippet from the .json file (timestamp is the same elsewhere): BRgds/Alan |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
Short answer: Use Longer answer: Some of the standard fields, like the timestamp and message body, are mapped to the same names for every log format (log_time and log_body in this case). Sorry, I need to make this more clear in the docs and the overlay. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you Tim, problem solved ... |
Beta Was this translation helpful? Give feedback.
Short answer: Use
log_timeto access the log message timestamp in SQL.Longer answer: Some of the standard fields, like the timestamp and message body, are mapped to the same names for every log format (log_time and log_body in this case). Sorry, I need to make this more clear in the docs and the overlay.