Skip to main content
Panther Knowledge Base

How do I resolve a "DecodeTime: failed to parse" error for a custom schema in Panther?

  1. Last updated
  2. Save as PDF

Issue

I'm seeing this error message for one of my custom schemas:

DecodeTime: failed to parse "2022-08-06 19:19:56+00:00" with "%Y-%m-%d %H:%M:%S.%f%z": expected '.', er…

Resolution

To resolve this issue, make sure your timestamp is in the correct format. You can have multiple timestamp formats in a single schema

Here's an example for a timestamp field that sometimes includes a fractional second:

- name: ts
    type: timestamp
    timeFormats:
      - "%Y-%m-%d %H:%M:%S %z"
      - "%Y-%m-%d %H:%M:%S.%f %z"

Cause

This issue occurs when a timestamp is not formatted correctly.