Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FAQ: add accepted representations of datetime in the events #1349

Merged
merged 5 commits into from
Sep 28, 2023
Merged

FAQ: add accepted representations of datetime in the events #1349

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
30addf4
feat(FAQ): add accepted representations of datetime in the events
squioc Sep 25, 2023
fb3ffdb
feat(FAQ): explain supported datetime representation the platform sup…
squioc Sep 27, 2023
c4cae21
feat(Ingestion): add a link about the datetime representation
squioc Sep 27, 2023
c329464
fix naming conv.md
CharlesLR-sekoia Sep 28, 2023
68f64f1
Update index.md
CharlesLR-sekoia Sep 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 51 additions & 0 deletions docs/xdr/FAQ/datetime.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
# Datetime


## Representation

In the events, SEKOIA.IO accepts any representation of a datetime:

- as a string representation:
- [ISO8601](https://www.iso.org/iso-8601-date-and-time-format.html) representation
- [RFC3339](https://www.ietf.org/rfc/rfc3339.html) representation
- [C-formatted datetime representation](#c-formatted) in the English locale
- as a timestamp representation with any precision (from second precision to nanosecond precision)

### C formatted

The following is a list of all the format codes that the C89 standard requires.
These work on all platforms with a standard C-based implementation.

| Directive | Meaning | Example |
|-------------|------------------------------------------------------------------|----------------------------------------------|
| ``%a`` | Weekday | Sun, Mon, ..., Sat |
| ``%A`` | Weekday full name. | Sunday, Monday, ..., Saturday |
| ``%w`` | Weekday as a decimal number, where 0 is Sunday and 6 is Saturday | 0, 1, ..., 6 |
| ``%d`` | Day of the month as a zero-padded decimal number. | 01, 02, ..., 31 |
| ``%b`` | Month as abbreviated name. | Jan, Feb, ..., Dec |
| ``%B`` | Month full name. | January, February, ..., December |
| ``%m`` | Month as a zero-padded decimal number | 01, 02, ..., 12 |
| ``%y`` | Year without century as a zero-padded decimal number. | 00, 01, ..., 99 |
| ``%Y`` | Year with century as a decimal number | 0001, 0002, ..., 2013, 2014, ..., 9998, 9999 |
| ``%H`` | Hour (24-hour clock) as a zero-padded decimal number. | 00, 01, ..., 23 |
| ``%I`` | Hour (12-hour clock) as a zero-padded decimal number. | 01, 02, ..., 12 |
| ``%p`` | AM or PM | AM, PM |
| ``%M`` | Minute as a zero-padded decimal number | 00, 01, ..., 59 |
| ``%S`` | Second as a zero-padded decimal number | 00, 01, ..., 59 |
| ``%f`` | Microsecond as a decimal number. zero-padded to 6 digits | 000000, 000001, ..., 99999 |
| ``%z`` | UTC offset in the form ``±HHMM[SS[.ffffff]]`` | (empty), 0000, 063415, -030712.345216 |
| ``%Z`` | Time zone name | (empty), UTC, GMT |
| ``%j`` | Day of the year as a zero-padded decimal number | 001, 002, ..., 366 |
| ``%U`` | Week number of the year as a zero-padded decimal number | 00, 01, ..., 53 |
| ``%W`` | Week number of the year as a zero-padded decimal number | 00, 01, ..., 53 |

## Timezone

The datetime must satisfy one of the following conditions:

- a string representation with a timezone (like ISO8601 or RFC3339 strings)
- a string representation or a timestamp representation together with a timezone in the event
- a string representation or a timestamp representation in the UTC timezone



4 changes: 4 additions & 0 deletions docs/xdr/features/collect/ingestion_methods/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,3 +28,7 @@ To push your events through our HTTP log collector, you have to `POST` your logs
## Cloud & SaaS integration

Sekoia.io is also able to retrieve logs and data from cloud platforms, such as Microsoft Azure, Amazon Web Services or Google Cloud.

## Datetime representation in the events

SEKOIA.IO accepts any representation of a datetime; see [Datetime representation](../../../FAQ/datetime.md) for more details.
1 change: 1 addition & 0 deletions mkdocs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -313,6 +313,7 @@ nav:
- Facing issues with logs collection: xdr/FAQ/Log_collection_Troubleshoot.md
- Rules: xdr/FAQ/Rules_qa.md
- Sekoia.io Endpoint agent: xdr/FAQ/SEKOIA_Endpoint_Agent.md
- Datetime representation: xdr/FAQ/datetime.md
- Develop:
- Quickstart: xdr/develop/quickstart.md
- Guides:
Expand Down