Hi there. Did you saw in many events, exploding the event to detail, the _time field has a "+" icon on its side? Exploding it, give the detail of created _time field, What's that? I...
See more...
Hi there. Did you saw in many events, exploding the event to detail, the _time field has a "+" icon on its side? Exploding it, give the detail of created _time field, What's that? In other events i can't see the "+" icon, also on same server/path/log, Is it some kind of, "+" == I, SPLUNK INDEXER, ELABORATED THE TIMESTAMP WITH MY ALGORITHMS BY MYSELF IN THIS WAY clean, no "+" == automatic timestamp calculation, no elaboration, i found it yet cooked ? Thanks.