I've logs where events are not starting with time. Log format is
10.100.28.108 - - 2018-04-25--02-31-14 "PUT /mifs/c/i/abc/abc.html?c=1073768600 HTTP/1.1" 200 20 "-" "abc/1.0" 5252
I was trying below but getting error: couldnot use strptime to parse
[ test ]
SHOULD_LINEMERGE=false
NO_BINARY_CHECK=true
TIME_FORMAT=%Y-%m-%d--%H%-M-%S
TIME_PREFIX=\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}\s-\s-
TZ=America/New_York
Can you try this please:
[ __auto__learned__ ]
SHOULD_LINEMERGE=false
NO_BINARY_CHECK=true
TIME_FORMAT=%Y-%m-%d--%H-%M-%S
TIME_PREFIX=(\d+\.){3}.\d+(\s-){2}\s
Give this a try
[ test ]
SHOULD_LINEMERGE=false
LINE_BREAKER = ([\r\n]+)(?=\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\s+\S+){2}\s)
NO_BINARY_CHECK=true
TIME_FORMAT=%Y-%m-%d--%H%-M-%S
TIME_PREFIX=^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(\s+\S+){2}\s
MAX_TIMESTAMP_LOOKAHEAD = 20
TZ=America/New_York
Can you try to edit your time_prefix:
TIME_PREFIX=\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s-\s-