Hello, I'm trying to index a log in the IIS W3C Extended Log Format. The date information in each event is missing, but the date is at the top of the file in the header info. The time (HH:MM:SS) is correctly populated in each event. Is there a way I can extract the date from the header and prepend it to each line or a way I can populate the date_mday, date_month, date_year, etc. fields for each event using the info in the header? Sample data below.

Current sourcetype definition

[ iis:log ]
CHARSET=UTF-8
FIELD_DELIMITER=whitespace
FIELD_HEADER_REGEX=^#Fields:\s*(.*)
INDEXED_EXTRACTIONS=W3C
LINE_BREAKER=([\r\n]+)
MISSING_VALUE_REGEX=-
NO_BINARY_CHECK=true
SHOULD_LINEMERGE=false
TIME_FORMAT=%H:%M:%S
TIMESTAMP_FIELDS=Date,time

Sample log file

#Version:   1.0
#Fields:    Date time cs(X-Forwarded-For) cs(Cookie)
#Software:  WebLogic
#Start-Date:    2019-09-03  00:00:00
-   00:00:00    col_3_data  col_4_data
-   00:00:00    col_3_data  col_4_data
-   00:00:06    col_3_data  col_4_data
-   00:00:06    col_3_data  col_4_data
-   00:00:08    col_3_data  col_4_data
-   00:00:08    col_3_data  col_4_data
-   00:00:08    col_3_data  col_4_data
-   00:00:08    col_3_data  col_4_data
-   00:00:09    col_3_data  col_4_data
-   00:00:09    col_3_data  col_4_data
-   00:00:09    col_3_data  col_4_data
-   00:00:09    col_3_data  col_4_data
-   00:00:09    col_3_data  col_4_data