Skip to main content
Panther Knowledge Base

How is the field p_event_time populated in my custom schema in Panther?

  1. Last updated
  2. Save as PDF

QUESTION

 I have created a custom schema in Panther. The p_event_time field is not getting the value of the field that corresponds to the time that the event was created (the CreateTime field from my custom schema), but instead, it's taking the value of the field p_parse_time. How can I amend this, and how does Panther know which field to choose if we set multiple fields with the datatype as timestamp?

ANSWER

 To correct this behavior, you can try adding the isEventTime: true statement to the field CreateTime in your schema. This way, Panther will know which field should be used to populate the field p_event_time.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.