Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to View Endpoint LogsHow to Use Audit LogsHow to Use Agent LogsWhere to Find PostgreSQL LogsAdvanced Log and Log Location Information for Power UsersWhat are common errors shown in the Agent Log and how do I fix them?Can I Export Agent Log Data for External Analysis?Can I export Audit Log data for External Analysis?How do I export Audit Log data via the Web API?Can I customize which events appear in the Audit Log?Can I schedule automated exports of Audit Log data?Is there a sample script for API-based audit log export?Guide to Analyzing Logs and Generating Graphs in Time IntervalsIs There a Sample Script for Exporting Agent Log Data?What are Best Practices for Managing Large Log Exports?Is There an Example of Filtering Logs by Severity?What are best practices for storing and securing exported log data?What Tools Integrate Well with Spirion for Log Integrity VerificationIs There a Sample Script for Hash Verification?
PowerBI
Can the information within a Gather Data file be viewed in a third-party tool such as PowerBI?What Charts are Most Useful when using a tools like PowerBI?Power Query (M) Script in PowerBI for Log AnalysisHow do I parse an Agent Log in PowerBI?How can I detect duplicate log entries in PowerBI?How do I compare two log files in PowerBI?How do I compare timestamps across files?What if timestamps are missing from my Spirion Logs?How should I handle null rows?Example of a Power Query Script in PowerBIHow do I sort Logs Chronologically in PowerBI?How do I handle mixed timestamp formats in PowerBI?
How to Manage Users and Roles
Reports
Settings and Resources
Additional Resources
Release Notes
Reporting API
Customer Support Articles

What if timestamps are missing from my Spirion Logs?

In Spirion logs, missing timestamps usually occur for 2 reasons: log fragmentation (a line was cut off during rotation) or multi-line messages (like a Java stack trace or a SQL error where only the first line has a timestamp).

If you have rows with missing timestamps, it will break your Power BI charts. Here is how to handle them using Power Query:

1. The "Fill Down" Method (Best for Multi-line Errors)

If a log entry spans multiple lines, the first line has the timestamp and the following lines are blank. You can "attribute" the timestamp of the first line to all subsequent lines of that same error.

  • How to do it:
    1. In Power Query, ensure your data is sorted exactly as it appears in the file.
    2. Right-click your Timestamp column.
    3. Select Fill > Down.
  • The Result: Every "blank" line now inherits the timestamp of the message immediately above it. This enables you to keep the full error detail while still being able to plot it on a timeline.

2. The "Conditional Filter" (Best for Junk/Fragments)

If the missing timestamp is due to a corrupted line or a "junk" fragment from a log rotation, you should simply remove it to keep your data clean.

  • How to do it:
    1. Click the filter drop-down on your Timestamp column.
    2. Uncheck (null) or (blank).
    3. Alternatively, use Remove Errors if the parsing logic failed on that line.
  • When to use this: Use this when the "Message" column also looks like gibberish or is just a single character (like a closing bracket).

3. The "Index Correlation" (Best for Sequence Integrity)

If you need to know where the missing timestamp occurred without deleting the data, use an Index Column.

  • How to do it:
    1. Before doing any filtering, go to Add Column > Index Column.
    2. If a line is missing a timestamp, its Index number will still tell you exactly which two "timestamped" lines it fell between.
  • Why this helps: If you are talking to Spirion Engineering, they may need to see the exact sequence. Even if Power BI can't graph a line without a timestamp, the Index ensures you don't lose the order of events.

4. Creating a "Dummy" Timestamp (For Visualization)

If you have a large block of data with no timestamps but you know it happened on a specific day (for example, from the filename IDF.log.2024-05-14), you can assign a "Dummy" time.

  • How to do it:
    1. Use a Conditional Column: "If Timestamp is null, then use [Date from Filename] + 12:00:00 AM."
  • Warning: This is only for visual grouping; it won't help with second-by-second troubleshooting.

Summary: Which method to use?

Scenario

Recommended Action

Multi-line Error/Stack Trace

Fill Down (keeps the context attached to the time).

Log Rotation "Junk"

Remove Nulls (cleans the noise).

Corrupted/Cut-off Line

Remove Errors (prevents chart breaking).

Missing but order matters

Add Index Column (preserves the sequence).

Summary: For multi-line errors, use Fill Down to apply the timestamp to the whole message. For corrupted or fragmented lines, use Remove Nulls to keep your charts from breaking. Always add an Index Column first to preserve the original order of the log.

Was this article helpful?

Powered by Product Fruits