Solved: Why is TIME_FORMAT not working in props.conf?

sheloaha · ‎06-07-2016

My events have the following timestamp at the beginning of each line:

[2016-05-18T18:41:51.440-04:00]

In props.conf, I set the following but it is not working:

NO_BINARY_CHECK=true
disabled=false
TIME_PREFIX=^[
TIME_FORMAT=%Y-%m-%dT%H:%M:%S.%3N
TZ=America/New_York

Any ideas on why this is not working?

woodcock · ‎06-07-2016

Change these:

TIME_PREFIX = ^\[
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3N%z

Also leave out the TZ line because the event has the timezone already (you just need to specify that it is there).

woodcock · ‎06-07-2016

Change these:

TIME_PREFIX = ^\[
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3N%z

Also leave out the TZ line because the event has the timezone already (you just need to specify that it is there).

sheloaha · ‎06-15-2016

Thank you! That made the difference.

Why is TIME_FORMAT not working in props.conf?