Skip to main content
Panther Knowledge Base

Why does pantherlog think my event time is Jan 2, 2006?

  1. Last updated
  2. Save as PDF

QUESTION

When using pantherlog to test my schema, pantherlog seems to think the event time is 2006-01-02T15:04:05Z07:00, displaying an error message like

EventTime: DecodeTime: parsing time "..." as "2006-01-02T15:04:05Z07:00": cannot parse ... as ..., error found in byte #10 of ...

ANSWER

This error is most commonly caused by misformatting the expected p_event_time value in your test file. Please ensure your expected p_event_time format matches the following:

YYYY-MM-DDTHH:MM:SS.SSSZ

In other words, make sure that you:

  1. Include the T separator between the date and time
  2. Include the fractional second to 3 decimal places
  3. Suffix the timestamp with a Z character