Currently in our log files, the _time value is rounded down to the nearest second and is sorted accordingly.
But in our event tab, the start of each log follows this exact pattern:
2018-10-17 17:53:42.8332
The part in bold is the milliseconds and I want to be able to include in my query:
The ability to search (possibly regex?) the start of each result and pick up the millisecond value.
Sort the results based on this so that results are sorted down to the millisecond.
I'm not too sure of how to approach this, I haven't really need this question asked yet so any guidance on what to do would be greatly appreciated 🙂
... View more