Can you please tell us how to assign event log time (ALERT_TIMESTAMP fields value ) as the event timestamp (_time)? Seems the below props.conf entry is not working properly. Please review and provide a working sourcetype configuration for extracting fields and assigning timestamp from event data.

props.conf:

[vops_json]
INDEXED_EXTRACTIONS = json
NO_BINARY_CHECK = true
TIMESTAMP_FIELDS = ALERT_TIMESTAMP
TIME_FORMAT = %s
KV_MODE = json
SHOULD_LINEMERGE = True
TRUNCATE = 0
category = Custom
description = JavaScript Object Notation format. For more information, visit http://json.org/
disabled = false
pulldown_type = true

Sample Event:

{
"ALERT_SERVICESTATE": "OK",
"ALERT_VO_RECIEVE_TIME": "1469712777061",
"ALERT_URL": "http://test.url.com/test",
"ALERT_ENTITY_DISPLAY_NAME": "test entity",
"ALERT_ENTITY_STATE": "OK",
"ALERT_MESSAGE_TYPE": "RECOVERY",
"ALERT_MONITOR_NAME": "",
"ALERT_MONITORING_URL": "NAGIOS",
"ALERT_ROUTING_KEY": "admins_support",
"ALERT_TIMESTAMP": "1469712369000",
"ALERT_ENTITY_TYPE": "SERVICE",
"STATE_ACK_MESSAGE": "",
"STATE_ACK_TIMESTAMP": "1469712775000",
"STATE_ACK_USER": "test_coca",
"STATE_ALERT_COUNT": "2",
"STATE_CURRENT_ALERT_PHASE": "ACKED",
"STATE_CURRENT_STATE": "WARNING",
"STATE_ENTITY_ID": "nagios-publisher\/ec2-52-90-166-168.compute-1.amazonaws.com\/Memory",
"STATE_HOST": "ec2-52-90-166-168.compute-1.amazonaws.com",
"STATE_INCIDENT_NAME": "9106",
"STATE_INCIDENT_TIMESTAMP": "1469712369000",
"STATE_LAST_TIMESTAMP": "1469712369000",
"STATE_MONITOR_TYPE": "NAGIOS",
"STATE_SERVICE": "nbcdevfiles-4a23d9b2  \/ Memory"
}