in source/lambda/es_loader/siem/__init__.py [0:0]
def get_timestamp(self):
    """Return the timestamp to record for the current log entry.

    Two paths exist, selected by ``logconfig['timestamp_key']`` and the
    skip-normalization flag:

    * A timestamp key is configured and normalization is not skipped:
      the value is taken from the parsed log data (or from
      ``file_timestamp`` directly when that is the configured key) and
      converted with the configured ``timestamp_format``.
    * Otherwise: fall back, in order, to ``file_timestamp``, then
      ``cwl_timestamp`` (converted from epoch, UTC), then the current
      UTC time.

    Raises:
        ValueError: the configured key was read but
            ``utils.convert_timestr_to_datetime`` returned a falsy value.
    """
    ts_key = self.logconfig['timestamp_key']

    if not ts_key or self.__skip_normalization:
        # No timestamp field to parse for this record; use metadata instead.
        if self.file_timestamp:
            # This may be firelens and error log
            return self.file_timestamp
        if hasattr(self, 'cwl_timestamp') and self.cwl_timestamp:
            # This may be CWL and truncated JSON such as opensearch audit
            return utils.convert_epoch_to_datetime(
                self.cwl_timestamp, utils.TIMEZONE_UTC)
        # NOTE(review): last resort is the time of processing, not the time
        # of the event. Nothing here marks the record as such, so timeline
        # analysis cannot tell these entries apart from ones carrying a
        # source timestamp -- confirm whether callers tag them.
        return datetime.now(timezone.utc)

    if ts_key == 'file_timestamp':
        return self.file_timestamp

    # CloudWatch-derived timestamps live on the instance, not in the parsed
    # record; copy them in so the generic lookup below can find them.
    if ts_key == 'cwe_timestamp':
        self.__logdata_dict['cwe_timestamp'] = self.cwe_timestamp
    elif ts_key == 'cwl_timestamp':
        self.__logdata_dict['cwl_timestamp'] = self.cwl_timestamp

    raw_value = utils.get_timestr_from_logdata_dict(
        self.__logdata_dict, ts_key, self.has_nanotime)
    parsed = utils.convert_timestr_to_datetime(
        raw_value, ts_key, self.logconfig['timestamp_format'],
        self.timestamp_tz)
    if parsed:
        return parsed

    # Fail loudly rather than index a record with a guessed event time.
    msg = f'there is no timestamp format for {self.logtype}'
    logger.error(msg)
    raise ValueError(msg)