How do you get the Alert formatted in Local TimeZone in an Alert message.
I’ve tried all the formatting listed in the Doc’s.
Fields set:
src_timestamp:
Is Key? No
Data Type string
Value source Template
Template ${source.timestamp;format_date("YYYY-MM-dd HH:mm.sss Z", "CDT")}
Validate that all Template values are set No
--- [Event Definition] ---------------------------
Title: ${event_definition_title}
--- [Event] --------------------------------------
Timestamp: ${event.fields.src_timestamp}
Cisco Message: ${event.fields.cisco_message}
Source: ${event.fields.device}
Priority: ${event.priority}
Timestamp Processing: ${event.timestamp}
Full Message: ${event.fields.raw_message}
${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message}
${message}
${event.fields.raw_message}
${end}
${end}
But, it seems the timestamp is already String.
How do we get it to show local time ?
--- [Event Definition] ---------------------------
Title: Configuration from Console
--- [Event] --------------------------------------
Timestamp: 2020-12-11T15:26:23.196Z
Cisco Message: User:XXXX logged command:logging trap informational
Source: XXXXXX-router1
Priority: 2
Timestamp Processing: 2020-12-11T15:26:23.196Z
Full Message: <189>5: XXXXXX-router1: Dec 11 09:26:22.161 CST: %PARSER-5-CFGLOG_LOGGEDCMD: User:XXXXXX logged command:logging trap informational
Thanks
JR