Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to View Endpoint LogsHow to Use Audit LogsHow to Use Agent LogsWhere to Find PostgreSQL LogsAdvanced Log and Log Location Information for Power UsersWhat are common errors shown in the Agent Log and how do I fix them?Can I Export Agent Log Data for External Analysis?Can I export Audit Log data for External Analysis?How do I export Audit Log data via the Web API?Can I customize which events appear in the Audit Log?Can I schedule automated exports of Audit Log data?Is there a sample script for API-based audit log export?Guide to Analyzing Logs and Generating Graphs in Time IntervalsIs There a Sample Script for Exporting Agent Log Data?What are Best Practices for Managing Large Log Exports?Is There an Example of Filtering Logs by Severity?What are best practices for storing and securing exported log data?What Tools Integrate Well with Spirion for Log Integrity VerificationIs There a Sample Script for Hash Verification?
PowerBI
Can the information within a Gather Data file be viewed in a third-party tool such as PowerBI?What Charts are Most Useful when using a tools like PowerBI?Power Query (M) Script in PowerBI for Log AnalysisHow do I parse an Agent Log in PowerBI?How can I detect duplicate log entries in PowerBI?How do I compare two log files in PowerBI?How do I compare timestamps across files?What if timestamps are missing from my Spirion Logs?How should I handle null rows?Example of a Power Query Script in PowerBIHow do I sort Logs Chronologically in PowerBI?How do I handle mixed timestamp formats in PowerBI?
How to Manage Users and Roles
Reports
Settings and Resources
Additional Resources
Release Notes
Reporting API
Customer Support Articles

How do I compare timestamps across files?

Comparing timestamps across multiple Spirion log files is essential for identifying "drift," synchronization issues, or correlating events between different Agent components (like seeing if an error in the IDF scanning log was preceded by a connection drop in the EPS health log).

Here are the 3 best ways to compare timestamps in Power BI:

1. The "Master Timeline" (Overlay Method)

This is the most common way to see if events in different files happened at the same time.

  • Visual: Line Chart or Area Chart.
  • X-Axis: Use your parsed Timestamp column. (Ensure it is set to "Date/Time" type, not "Date/Time Hierarchy").
  • Legend: Use the Source.Name or Log Family (IDF, EPS, IFS).
  • Values: Count of Rows.
  • The Result: You will see multiple lines on one graph. If the "EPS" line drops to zero at the exact same time the "IDF" line spikes with errors, you have proven that a service heartbeat failure caused the scan to crash.

2. The "Side-by-Side" Matrix (Correlation Method)

If you need to see the exact sequence of events across files, use a Matrix.

  • Rows: Timestamp (set to show seconds).
  • Columns: Source.Name or Log Family.
  • Values: First(Message) — Note: Use "First" or "Last" so it displays the text.
  • The Result: This creates a "Vertical Timeline." You can scroll down and see:
    • 10:01:05 AM: EPS says "Heartbeat Sent" | IDF says "Scanning File X"
    • 10:01:06 AM: EPS says "Connection Lost" | IDF says "Waiting for Service"
    • 10:01:07 AM: EPS is blank | IDF says "ERROR: Service Unavailable"

3. The "Time Delta" Calculation (Advanced)

If you want to know exactly how many seconds passed between an event in File A and an event in File B, you use a DAX Calculated Column.

Example Scenario: How long after the EPS service starts does the IDF scan actually begin?

  1. Create a Measure to find the first "Service Started" time in EPS.
  2. Create a Measure to find the first "Scan Started" time in IDF.
  3. The Formula:

TimeGap = DATEDIFF([EPS_Start], [IDF_Start], SECOND)

  • Why this is useful: It helps you detect "Lag." If the gap is usually 5 seconds but suddenly becomes 300 seconds, you have a resource contention or startup delay issue.

Critical Technical Tip: Timezone Alignment

Spirion Agents often log in Local Time, but some cloud components log in UTC. When comparing timestamps across files:

  • Check the Header: Look at the first few lines of the logs to see if they specify a timezone.
  • The Fix: In Power Query, use the "Add Time Zone" or "Convert to UTC" transformation. If you don't align them, your charts will show events happening hours apart when they actually happened simultaneously.

Summary of Comparison Techniques

If you want to...

Use this Visual

Key Configuration

See simultaneous spikes

Line Chart

Shared X-Axis (Timestamp)

Read the sequence of events

Matrix Table

Timestamp in Rows, File in Columns

Measure the delay between files

DAX Measure

DATEDIFF function

Identify "Silent" gaps

Gantt Chart

Start/End times per file

Summary: To compare timestamps, overlay them on a Line Chart to see visual correlations, or use a Matrix Table to read the chronological sequence of messages across different log families. Always ensure your Timezones are aligned before comparing.

Was this article helpful?

Powered by Product Fruits