FYI, solution found by a co-worker.  Here is the search that omits/filters 1am UTC from the results (a second before and after):  

index=morpheus6* "Found ANC VITC in source 01:00:00;00" | where !((date_hour = 1 AND date_minute = 0 AND date_second = 0) OR (date_hour = 00 AND date_minute = 59 AND date_second = 59))

Hey @ITWhisperer , apologies for the delayed response.  Here is the current search:  

index=morpheus6* "Found ANC VITC in source 01:00:00;00"

It produced the following results today:

6/2/23
2:30:00.000 PM
"2023-06-02 14:30:00;05","ICER43","BA69","Information","REC246","Found ANC VITC in source 01:00:00;00"
host = DEN-6XMR-ICER43source = C:\Logs\2023-06-02_XREC43.logsourcetype = ICERLog
6/2/23
2:30:00.000 PM
"2023-06-02 14:30:00;03","ICER43","7DAA","Information","REC246","Found ANC VITC in source 01:00:00;00"
host = DEN-6YMR-ICER43source = C:\Logs\2023-06-02_YREC43.logsourcetype = ICERLog
6/2/23
1:30:00.000 PM
"2023-06-02 13:30:00;03","REC241_242","78DE","Information","REC242","Found ANC VITC in source 01:00:00;00"
host = DEN-6XMR-ICER41source = C:\Logs\2023-06-02_XREC41.logsourcetype = ICERLog
6/2/23
1:00:00.000 PM
"2023-06-02 13:00:00;03","REC241_242","70E5","Information","REC241","Found ANC VITC in source 01:00:00;00"
host = DEN-6XMR-ICER41source = C:\Logs\2023-06-02_XREC41.logsourcetype = ICERLog
6/2/23
3:00:00.000 AM
"2023-06-02 03:00:00;03","REC241_242","2A01","Information","REC242","Found ANC VITC in source 01:00:00;00"
host = DEN-6XMR-ICER41source = C:\Logs\2023-06-02_XREC41.logsourcetype = ICERLog
6/2/23
2:00:00.000 AM
"2023-06-02 02:00:00;03","REC241_242","FF28","Information","REC241","Found ANC VITC in source 01:00:00;00"
host = DEN-6XMR-ICER41source = C:\Logs\2023-06-02_XREC41.logsourcetype = ICERLog
6/2/23
1:00:00.000 AM
"2023-06-02 01:00:00;03","ICER61","FE44","Information","REC261","Found ANC VITC in source 01:00:00;00"
host = DEN-6XMR-ICER61source = C:\Logs\2023-06-02_XREC61.logsourcetype = ICERLog
6/2/23
1:00:00.000 AM
"2023-06-02 01:00:00;02","REC241_242","F70F","Information","REC242","Found ANC VITC in source 01:00:00;00"
host = DEN-6XMR-ICER41source = C:\Logs\2023-06-02_XREC41.logsourcetype = ICERLog
6/2/23
1:00:00.000 AM
"2023-06-02 01:00:00;03","ICER62","C2DE","Information","REC266","Found ANC VITC in source 01:00:00;00"
host = DEN-6XMR-ICER62source = C:\Logs\2023-06-02_XREC62.logsourcetype = ICERLog
6/2/23
1:00:00.000 AM
"2023-06-02 01:00:00;03","ICER61","68BC","Information","REC261","Found ANC VITC in source 01:00:00;00"
host = DEN-6YMR-ICER61source = C:\Logs\2023-06-02_YREC61.logsourcetype = ICERLog
6/2/23
1:00:00.000 AM
"2023-06-02 01:00:00;03","ICER62","EA99","Information","REC266","Found ANC VITC in source 01:00:00;00"
host = DEN-6YMR-ICER62source = C:\Logs\2023-06-02_YREC62.logsourcetype = ICERLog
6/1/23
11:00:00.000 PM
"2023-06-01 23:00:00;03","REC241_242","F2EB","Information","REC241","Found ANC VITC in source 01:00:00;00"
host = DEN-6XMR-ICER41source = C:\Logs\2023-06-01_XREC41.logsourcetype = ICERLog
6/1/23
9:00:00.000 PM
"2023-06-01 21:00:00;03","REC241_242","DA8F","Information","REC242","Found ANC VITC in source 01:00:00;00"
host = DEN-6XMR-ICER41source = C:\Logs\2023-06-01_XREC41.logsourcetype = ICERLog

The ones at 01:00:00;00 to 01:00:00;03 are legit.  The others are errors.