All,
I have a log that looks like this? UTC time. What would my props.conf for this look like for that EPOCH timestamp?
system server.domain.com 192.168.1.11 start 1567632918.94
system server.domain.com 192.168.1.11 stop 1567632918.94
can you try this
[your_sourcetype]
TIME_PREFIX=\d+.\d+.\d+.\d+\s\w+\s
TIME_FORMAT=%s.%2N
can you try this
[your_sourcetype]
TIME_PREFIX=\d+.\d+.\d+.\d+\s\w+\s
TIME_FORMAT=%s.%2N