Parse Timestamp Without Timezone Information

Convert local time strings to timestamps by setting the timezone parameter of the parseTimestamp() function

Query

```logscale
parseTimestamp("yyyy-MM-dd'T'HH:mm:ss", field=event_time, timezone="America/New_York")
```

Introduction

The parseTimestamp() function can be used to parse timestamp strings into LogScale timestamp format. When parsing timestamps that do not include timezone information, you must specify the timezone parameter to ensure correct time interpretation.

In this example, parseTimestamp() is used to convert timestamp strings without timezone information into properly formatted timestamps by explicitly specifying the timezone.

Example incoming data might look like this:

| event_time | action | user |
|---|---|---|
| 2023-05-02T10:30:00 | login | jsmith |
| 2023-05-02T10:35:00 | logout | jsmith |
| 2023-05-02T10:40:00 | login | awhite |
| 2023-05-02T10:45:00 | update | awhite |

Step-by-Step

  1. Starting with the source repository events.

  2.
    ```logscale
    parseTimestamp("yyyy-MM-dd'T'HH:mm:ss", field=event_time, timezone="America/New_York")
    ```

    Parses the timestamp string in event_time using the specified format pattern. The timezone parameter is set to America/New_York to properly interpret the local time. The result is stored in a new field named @timezone.

    Note that if the timestamp string does not contain a timezone, then one must be specified using the timezone parameter, otherwise an error is generated.

  3. Event Result set.

Summary and Results

The query is used to convert local timestamp strings into properly formatted timestamps with timezone information.

This query is useful, for example, to standardize timestamp fields in logs that contain local time information without explicit timezone data.

Sample output from the incoming example data:

| @timezone | action | event_time | user |
|---|---|---|---|
| America/New_York | login | 2023-05-02T10:30:00 | jsmith |
| America/New_York | logout | 2023-05-02T10:35:00 | jsmith |
| America/New_York | login | 2023-05-02T10:40:00 | awhite |
| America/New_York | update | 2023-05-02T10:45:00 | awhite |
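
Why the timezone choice matters when correlating these events with other log sources, as an added Python example (not LogScale code and not part of the original page): it interprets the same zone-less event_time strings under two zones to show the resulting skew, and flags local times that fall inside a daylight-saving transition. The function names and the two transition strings are constructed for illustration.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# Python strptime equivalent of the page's pattern yyyy-MM-dd'T'HH:mm:ss
FMT = "%Y-%m-%dT%H:%M:%S"

def to_epoch_ms(text, tz_name):
    """Interpret a zone-less local time string in tz_name; return epoch milliseconds."""
    local = datetime.strptime(text, FMT).replace(tzinfo=ZoneInfo(tz_name))
    return int(local.timestamp() * 1000)

def skew_seconds(text, assumed_tz, actual_tz):
    """Error introduced when a string written in actual_tz is parsed as assumed_tz."""
    return (to_epoch_ms(text, assumed_tz) - to_epoch_ms(text, actual_tz)) // 1000

def classify_local(text, tz_name):
    """Return 'ok', 'ambiguous' (clock set back) or 'nonexistent' (clock set forward)."""
    tz = ZoneInfo(tz_name)
    naive = datetime.strptime(text, FMT)
    first = naive.replace(tzinfo=tz, fold=0)
    second = naive.replace(tzinfo=tz, fold=1)
    if first.utcoffset() == second.utcoffset():
        return "ok"  # only one UTC instant maps to this wall-clock time
    # A skipped wall-clock time does not survive a round trip through UTC.
    round_trip = first.astimezone(timezone.utc).astimezone(tz)
    if round_trip.replace(tzinfo=None) != naive:
        return "nonexistent"
    return "ambiguous"

# event_time values from the page's sample data, plus two constructed
# strings that fall inside the 2023 daylight-saving transitions.
SAMPLES = [
    "2023-05-02T10:30:00",
    "2023-05-02T10:45:00",
    "2023-03-12T02:30:00",  # constructed: skipped hour
    "2023-11-05T01:30:00",  # constructed: repeated hour
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s,
              to_epoch_ms(s, "America/New_York"),
              skew_seconds(s, "UTC", "America/New_York"),
              classify_local(s, "America/New_York"))
```

For the page's sample rows, parsing New York local times as UTC shifts every event by four hours, enough to misorder them against sources that already log in UTC.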