From 30addf4d7305458b63540987f45a04863e63bc9a Mon Sep 17 00:00:00 2001 From: Sebastien Quioc Date: Mon, 25 Sep 2023 18:24:04 +0200 Subject: [PATCH 1/5] feat(FAQ): add accepted representations of datetime in the events --- docs/xdr/FAQ.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/xdr/FAQ.md b/docs/xdr/FAQ.md index b812624926..ee333f84c4 100644 --- a/docs/xdr/FAQ.md +++ b/docs/xdr/FAQ.md @@ -45,3 +45,12 @@ Logs are available and displayed for 90 days in Sekoia.io. ## Archiving & Rehydratation Please contact your support for more information on archives and events rehydratation, with a clear description of your needs. + +## Ingestion + +### Datetime representation + +SEKOIA.IO accepts two kind of representations of a datetime in the events: + +- as a string with a timezone (like ISO8601 or RFC3339 strings) +- as a timestamp (from the seconds to the nanoseconds representation) or as a string without a timezone, in the UTC timezone From fb3ffdb0e34e9739d41859f136cb61eca16efb60 Mon Sep 17 00:00:00 2001 From: Sebastien Quioc Date: Wed, 27 Sep 2023 13:12:04 +0200 Subject: [PATCH 2/5] feat(FAQ): explain supported datetime representation the platform support --- docs/xdr/FAQ.md | 9 ------- docs/xdr/FAQ/datetime.md | 51 ++++++++++++++++++++++++++++++++++++++++ mkdocs.yml | 1 + 3 files changed, 52 insertions(+), 9 deletions(-) create mode 100644 docs/xdr/FAQ/datetime.md diff --git a/docs/xdr/FAQ.md b/docs/xdr/FAQ.md index ee333f84c4..b812624926 100644 --- a/docs/xdr/FAQ.md +++ b/docs/xdr/FAQ.md 
@@ -45,12 +45,3 @@ Logs are available and displayed for 90 days in Sekoia.io. ## Archiving & Rehydratation Please contact your support for more information on archives and events rehydratation, with a clear description of your needs. - -## Ingestion - -### Datetime representation - -SEKOIA.IO accepts two kind of representations of a datetime in the events: - -- as a string with a timezone (like ISO8601 or RFC3339 strings) -- as a timestamp (from the seconds to the nanoseconds representation) or as a string without a timezone, in the UTC timezone diff --git a/docs/xdr/FAQ/datetime.md b/docs/xdr/FAQ/datetime.md new file mode 100644 index 0000000000..0a5c419087 --- /dev/null +++ b/docs/xdr/FAQ/datetime.md 
@@ -0,0 +1,51 @@ +# Datetime + + +## Representation + +In the events, SEKOIA.IO accepts any representation of a datetime: + +- as a string representation: + - [ISO8601](https://www.iso.org/iso-8601-date-and-time-format.html) representation + - [RFC3339](https://www.ietf.org/rfc/rfc3339.html) representation + - [C-formatted datetime representation](#c-formatted) in the English locale +- as a timestamp representation with any precision (from second precision to nanosecond precision) + +### C formatted + +The following is a list of all the format codes that the C89 standard requires. +These work on all platforms with a standard C-based implementation. + +| Directive | Meaning | Example | +|-------------|------------------------------------------------------------------|----------------------------------------------| +| ``%a`` | Weekday | Sun, Mon, ..., Sat | +| ``%A`` | Weekday full name. | Sunday, Monday, ..., Saturday | +| ``%w`` | Weekday as a decimal number, where 0 is Sunday and 6 is Saturday | 0, 1, ..., 6 | +| ``%d`` | Day of the month as a zero-padded decimal number. | 01, 02, ..., 31 | +| ``%b`` | Month as abbreviated name. | Jan, Feb, ..., Dec | +| ``%B`` | Month full name. | January, February, ..., December | +| ``%m`` | Month as a zero-padded decimal number | 01, 02, ..., 12 | +| ``%y`` | Year without century as a zero-padded decimal number. | 00, 01, ..., 99 | +| ``%Y`` | Year with century as a decimal number | 0001, 0002, ..., 2013, 2014, ..., 9998, 9999 | +| ``%H`` | Hour (24-hour clock) as a zero-padded decimal number. | 00, 01, ..., 23 | +| ``%I`` | Hour (12-hour clock) as a zero-padded decimal number. | 01, 02, ..., 12 | +| ``%p`` | AM or PM | AM, PM | +| ``%M`` | Minute as a zero-padded decimal number | 00, 01, ..., 59 | +| ``%S`` | Second as a zero-padded decimal number | 00, 01, ..., 59 | +| ``%f`` | Microsecond as a decimal number. 
zero-padded to 6 digits | 000000, 000001, ..., 99999 | +| ``%z`` | UTC offset in the form ``±HHMM[SS[.ffffff]]`` | (empty), 0000, 063415, -030712.345216 | +| ``%Z`` | Time zone name | (empty), UTC, GMT | +| ``%j`` | Day of the year as a zero-padded decimal number | 001, 002, ..., 366 | +| ``%U`` | Week number of the year as a zero-padded decimal number | 00, 01, ..., 53 | +| ``%W`` | Week number of the year as a zero-padded decimal number | 00, 01, ..., 53 | + +## Timezone + +The datetime must satisfy one of the following conditions: + +- a string representation with a timezone (like ISO8601 or RFC3339 strings) +- a string representation or a timestamp representation together with a timezone in the event +- a string representation or a timestamp representation in the UTC timezone + + + diff --git a/mkdocs.yml b/mkdocs.yml index bae55e1ed9..d21aee98fc 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -313,6 +313,7 @@ nav: - Facing issues with logs collection: xdr/FAQ/Log_collection_Troubleshoot.md - Rules: xdr/FAQ/Rules_qa.md - Sekoia.io Endpoint agent: xdr/FAQ/SEKOIA_Endpoint_Agent.md + - Datetime representation: xdr/FAQ/datetime.md - Develop: - Quickstart: xdr/develop/quickstart.md - Guides: From c4cae211f59ec3dd217f21064e3d68bc799f9135 Mon Sep 17 00:00:00 2001 From: Sebastien Quioc Date: Wed, 27 Sep 2023 13:13:08 +0200 Subject: [PATCH 3/5] feat(Ingestion): add a link about the datetime representation --- docs/xdr/features/collect/ingestion_methods/index.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/xdr/features/collect/ingestion_methods/index.md b/docs/xdr/features/collect/ingestion_methods/index.md index 245267486e..ebdcb41a49 100644 --- a/docs/xdr/features/collect/ingestion_methods/index.md +++ b/docs/xdr/features/collect/ingestion_methods/index.md 
@@ -28,3 +28,7 @@ To push your events through our HTTP log collector, you have to `POST` your logs ## Cloud & SaaS integration Sekoia.io is also able to retrieve logs and data from cloud platforms, such as Microsoft Azure, Amazon Web Services or Google Cloud. + +## Datetime representation in the events + +SEKOIA.IO accepts any representation of a datetime; see [Datetime representation](../../../FAQ/datetime.md) for more details. From c3294643d8e758aed2b24162678b2c204529b453 Mon Sep 17 00:00:00 2001 From: Charles LE REUN <77982369+CharlesLR-sekoia@users.noreply.github.com> Date: Thu, 28 Sep 2023 10:43:50 +0200 Subject: [PATCH 4/5] fix naming conv.md --- docs/xdr/FAQ/datetime.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/xdr/FAQ/datetime.md b/docs/xdr/FAQ/datetime.md index 0a5c419087..b0c42a8839 100644 --- a/docs/xdr/FAQ/datetime.md +++ b/docs/xdr/FAQ/datetime.md @@ -3,7 +3,7 @@ ## Representation -In the events, SEKOIA.IO accepts any representation of a datetime: +In the events, Sekoia.io accepts any representation of a datetime: - as a string representation: - [ISO8601](https://www.iso.org/iso-8601-date-and-time-format.html) representation From 68f64f170cb55dcef851595ad3ae02f7b7f79092 Mon Sep 17 00:00:00 2001 From: Charles LE REUN <77982369+CharlesLR-sekoia@users.noreply.github.com> Date: Thu, 28 Sep 2023 10:44:19 +0200 Subject: [PATCH 5/5] Update index.md --- docs/xdr/features/collect/ingestion_methods/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/xdr/features/collect/ingestion_methods/index.md b/docs/xdr/features/collect/ingestion_methods/index.md index ebdcb41a49..7ee8b7cc29 100644 --- a/docs/xdr/features/collect/ingestion_methods/index.md +++ b/docs/xdr/features/collect/ingestion_methods/index.md 
@@ -31,4 +31,4 @@ Sekoia.io is also able to retrieve logs and data from cloud platforms, such as M ## Datetime representation in the events -SEKOIA.IO accepts any representation of a datetime; see [Datetime representation](../../../FAQ/datetime.md) for more details. +Sekoia.io accepts any representation of a datetime; see [Datetime representation](../../../FAQ/datetime.md) for more details.
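
Review bot: in the new docs/xdr/FAQ/datetime.md (patch 2/5), the "C formatted" section says the table lists the format codes "that the C89 standard requires", but the table includes `%f` and `%z`, which C89 `strftime` does not define (`%z` arrived with C99, and `%f` is not a standard C directive). Either name the actual source of this directive set or drop the C89 claim. In the same table the `%f` example ends at `99999` although the field is described as zero-padded to 6 digits, so it should read `999999`. The `%U` and `%W` rows also carry identical Meaning text and need to say which day starts the week for each (Sunday for `%U`, Monday for `%W`). In the Timezone section, the second condition should name the event field that carries the timezone, and the page should state what happens to a datetime that meets none of the three conditions.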
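
Review bot: "accepts any representation of a datetime", in the section added to docs/xdr/features/collect/ingestion_methods/index.md (patch 3/5, wording kept by 5/5) and in the opening sentence of docs/xdr/FAQ/datetime.md, promises more than the FAQ page documents. That page lists ISO8601, RFC3339, C-formatted strings in the English locale and timestamps, and then adds timezone conditions. Suggest "accepts several representations of a datetime" in both places, and mention in the index.md sentence that a timezone requirement applies, so a reader who does not follow the link is not left with the wrong expectation.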
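
Review bot: patch 2/5 deletes from docs/xdr/FAQ.md the entire "## Ingestion" section that patch 1/5 adds, and patches 4/5 and 5/5 only change SEKOIA.IO to Sekoia.io on lines introduced by 2/5 and 3/5. Squash 1/5 and 4/5 into 2/5, and 5/5 into 3/5, so the history carries no add-then-remove churn. If 4/5 and 5/5 stay separate, their subjects ("fix naming conv.md", "Update index.md") should state the actual change, which is the product-name casing.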