@rhada wrote:
Hello,
we are encountering some sorting issue with our haproxy logs.
Actually we are using this logformat line :
log-format %ci:%cp\ [%trl]\ %f\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ \ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}rThe logs are then shiped with filebeat to our ELK using %trl field to sort it.
Under high flow we can get a lots of request / sec and logs arrive to elastic in mis-ordered.
After a quick look in doc i see :
| | %t | date_time (with millisecond resolution) | date |
And
| H | %trl | local_date_time of start of HTTP request | date |
Can someone explain the difference between this 2 params ? as what we need is the date the request start.
Thank you for your help
Posts: 1
Participants: 1