Hello @Ledion.
I've played with the timestamp adjustment, but without success.
Our data is in the BRT timezone (GMT -3), but our HDFS timezone is GMT, so I can see that our data has its directory in the same timezone as the event's hour, but the files written on HDFS have +3 hours (GMT).
So, in the Virtual Index configuration, I've used GMT, GMT +3, GMT -3 and some others, but none of them seemed to work for us.
Maybe I'm doing the time extraction the wrong way?
vix.input.1.et.format = yyyyMMddHH
vix.input.1.et.regex = /storage/data/BR_SIEM_success.EventLogFS/hourly/(\d{4})/(\d{2})/(\d{2})/(\d{2})/.*
vix.input.1.lt.format = yyyyMMddHH
vix.input.1.lt.regex = /storage/data/BR_SIEM_success.EventLogFS/hourly/(\d{4})/(\d{2})/(\d{2})/(\d{2})/.*
I think that I'm missing something, any advice will help us a lot!
Ahh, this is what I get on "Explore Data":
storage/data/BR_SIEM_success.EventLogFS/hourly/2016/05/09/15/
Type Name Owner Size Permissions Last Modified Time
BR_SIEM_success.0.0.66.73582308.1462816800000.avro hdfs 56.32 KB rw-r--r-- May 9, 2016 6:01:36 PM
BR_SIEM_success.10.10.21.76501680.1462816800000.avro hdfs 19.82 KB rw-r--r-- May 9, 2016 6:01:49 PM
BR_SIEM_success.11.11.42.75316419.1462816800000.avro hdfs 37.62 KB rw-r--r-- May 9, 2016 6:01:59 PM
BR_SIEM_success.2.2.23.80555652.1462816800000.avro hdfs 20.89 KB rw-r--r-- May 9, 2016 6:02:36 PM
BR_SIEM_success.3.3.92.80099611.1462816800000.avro hdfs 77.57 KB rw-r--r-- May 9, 2016 6:01:49 PM
BR_SIEM_success.5.5.23.78514890.1462816800000.avro hdfs 20.66 KB rw-r--r-- May 9, 2016 6:01:54 PM
BR_SIEM_success.7.7.21.78649173.1462816800000.avro hdfs 19.22 KB rw-r--r-- May 9, 2016 6:01:59 PM
BR_SIEM_success.8.8.44.74151067.1462816800000.avro hdfs 38.13 KB rw-r--r-- May 9, 2016 6:01:54 PM
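A way to check which UTC offset the directory hours are written in, as an added example that is not part of the original post: it applies the posted regex and format to a path built from the listing above and compares the result with the number in the file name. It assumes the capture groups are joined and parsed with the format, and that the last numeric field of the file name is epoch milliseconds; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# The et/lt regex from the post (groups: year, month, day, hour).
PATH_RE = re.compile(
    r"/storage/data/BR_SIEM_success.EventLogFS/hourly/(\d{4})/(\d{2})/(\d{2})/(\d{2})/.*"
)
# Python equivalent of the post's yyyyMMddHH format.
PY_FORMAT = "%Y%m%d%H"


def path_wall_clock(path):
    """Return the naive datetime encoded in the directory part of the path."""
    m = PATH_RE.match(path)
    if m is None:
        raise ValueError("path does not match the time-extraction regex")
    return datetime.strptime("".join(m.groups()), PY_FORMAT)


def filename_epoch_utc(path):
    """Assumption: the last dot-separated field before .avro is epoch millis."""
    name = path.rsplit("/", 1)[-1]
    millis = int(name.split(".")[-2])
    return datetime.fromtimestamp(millis / 1000, tz=timezone.utc)


def directory_utc_offset_hours(path):
    """Offset (hours) that makes the directory time equal the filename epoch."""
    wall = path_wall_clock(path)
    utc = filename_epoch_utc(path).replace(tzinfo=None)
    return (wall - utc) / timedelta(hours=1)


def bucket_range_utc(path, offset_hours):
    """Earliest/latest UTC instants of the hourly bucket for a given offset."""
    tz = timezone(timedelta(hours=offset_hours))
    start = path_wall_clock(path).replace(tzinfo=tz).astimezone(timezone.utc)
    return start, start + timedelta(hours=1)


# Constructed path: directory and first file name from the listing above.
SAMPLE = ("/storage/data/BR_SIEM_success.EventLogFS/hourly/2016/05/09/15/"
          "BR_SIEM_success.0.0.66.73582308.1462816800000.avro")

if __name__ == "__main__":
    print(directory_utc_offset_hours(SAMPLE))
    print(bucket_range_utc(SAMPLE, -3.0))
```

Running the same check over a few paths from different hours shows whether the offset is constant before it is used in a search-time test.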