Hi all,
I keep getting "DateParserVerbose [6827 merging] - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (75) characters of event. Defaulting to timestamp of previous event" warnings.
The time stamp in the logs looks like: 2021/10/28T16:06:08.183-07:00
props.conf looks like:
DETERMINE_TIMESTAMP_DATE_WITH_SYSTEM_TIME = true
MAX_TIMESTAMP_LOOKAHEAD = 75
MAX_DAYS_AGO = 36500
MAX_DAYS_HENCE = 36500
TIME_FORMAT = %d-%b-%y %I.%M.%S.%6Q %p
SHOULD_LINEMERGE = false
TRUNCATE = 500000
Anyone know what my time_format should be instead?
