Zabbix logfile monitoring: how to get timestamp from log message

Question

I have some rotated log files in csv format, which contains numeric data and timestamp of the event, and I need to plot this data with milliseconds precision.

I try to use zabbix log file monitoring function for this purpose, but zabbix inserts time of getting log from zabbix agent instead of real event time. In the Log item type, there is Log time format field, which allow to parse timestamp of event from log message, but there is no such field in numeric data type.

Is it possible to get event time from log message using zabbix log file monitoring?

Answer 1

Is it possible to get event time from log message using zabbix log file monitoring?

yes

please follow https://www.zabbix.com/documentation/6.0/en/manual/config/items/itemtypes/log_items?hl=logrt%5B%5D%2Clogrt.count%5B%5D

The correct definition of Log time format argument should provide you with way to populate the time.

Quoting the official docs:

In this field you may optionally specify the pattern for parsing the log line timestamp. If left blank the timestamp will not be parsed. Supported placeholders:

• y: Year (0001-9999)
• M: Month (01-12)
• d: Day (01-31)
• h: Hour (00-23)
• m: Minute (00-59)
• s: Second (00-59) For example, consider the following line from the Zabbix agent log file: " 23480:20100328:154718.045 Zabbix agent started. Zabbix 1.8.2 (revision 11211)." It begins with six character positions for PID, followed by date, time, and the rest of the line. Log time format for this line would be "pppppp:yyyyMMdd:hhmmss". Note that "p" and ":" chars are just placeholders and can be anything but "yMdhms".