Hi,
How would I write TIME_PREFIX and TIME_FORMAT for the props configuration file for the following events (4 sample events given below)? Any help will be highly appreciated. Thank you!
[Tue Jun 15 00:00:26.337 EDT 2021] [CommonPool:6554] Process ID = 744021
[Tue Jun 15 00:00:26.337 EDT 2021] [CommonPool:6554]
[Tue Jun 15 00:00:26.337 EDT 2021] [CommonPool:6554] Realm Server Details : XXX
[Tue Jun 15 00:00:26.337 EDT 2021] [CommonPool:6554] Product = Universal Messaging
Hi @SplunkDash
Can you try this?
[<your_sourcetype_name>]
SHOULD_LINEMERGE=false
LINE_BREAKER=([\r\n]+)\[\w+\s+\w+\s+\d+\s+\d+:\d+:\d+\.\d+\s+\w+\s+\d+\]
NO_BINARY_CHECK=true
TIME_PREFIX=^\[
TIME_FORMAT=%a %b %d %H:%M:%S.%3Q %Z %Y
---
An upvote would be appreciated and Accept solution if it helps!
Thank you so much, appreciated! ......working as expected 😊!!!
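An offline check of the stanza from the answer against the four sample events, added here as an example and not part of the original thread. The Python emulation of LINE_BREAKER and timestamp extraction, the names `break_events` and `parse_time`, and the zone-offset table are assumptions for illustration, not Splunk's own code.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the four events from the question joined into one raw stream.
RAW = (
    "[Tue Jun 15 00:00:26.337 EDT 2021] [CommonPool:6554] Process ID = 744021\n"
    "[Tue Jun 15 00:00:26.337 EDT 2021] [CommonPool:6554]\n"
    "[Tue Jun 15 00:00:26.337 EDT 2021] [CommonPool:6554] Realm Server Details : XXX\n"
    "[Tue Jun 15 00:00:26.337 EDT 2021] [CommonPool:6554] Product = Universal Messaging\n"
)

# LINE_BREAKER from the answer (with the dot before the milliseconds escaped).
LINE_BREAKER = re.compile(
    r"([\r\n]+)\[\w+\s+\w+\s+\d+\s+\d+:\d+:\d+\.\d+\s+\w+\s+\d+\]")
TIME_PREFIX = re.compile(r"^\[")
# Assumption: only these abbreviations occur; strptime's %Z cannot parse "EDT" portably.
TZ_OFFSETS = {"EDT": -4, "EST": -5, "UTC": 0}


def break_events(raw):
    """Split where LINE_BREAKER matches; only capture group 1 is discarded."""
    events, start = [], 0
    for m in LINE_BREAKER.finditer(raw):
        events.append(raw[start:m.start(1)])
        start = m.end(1)  # the bracketed timestamp stays with the next event
    tail = raw[start:].rstrip("\r\n")
    if tail:
        events.append(tail)
    return events


def parse_time(event):
    """Apply TIME_PREFIX, then the equivalent of %a %b %d %H:%M:%S.%3Q %Z %Y."""
    prefix = TIME_PREFIX.search(event)
    if prefix is None:
        raise ValueError("TIME_PREFIX did not match")
    stamp = event[prefix.end():event.index("]", prefix.end())]
    dow, mon, day, clock, tz, year = stamp.split()
    if tz not in TZ_OFFSETS:
        raise ValueError("unknown zone abbreviation: " + tz)
    naive = datetime.strptime(f"{dow} {mon} {day} {clock} {year}",
                              "%a %b %d %H:%M:%S.%f %Y")
    return naive.replace(tzinfo=timezone(timedelta(hours=TZ_OFFSETS[tz])))


if __name__ == "__main__":
    for ev in break_events(RAW):
        print(parse_time(ev).isoformat(timespec="milliseconds"), "|", ev)
```

Events whose timestamps parse to the wrong zone or fall back to index time skew time-bounded searches and correlation, so it is worth running sample lines through a check like this before deploying the stanza.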