...ateLog timestamp is slightly off, and I would like to use the other one in Syslog messages instead: Apr 5 17:34:37.618
I succeed doing that by setting a TIME_PREFIX and MAX_TIMESTAMP_LOOKAHEAD.
P...
...ew York events seem to be getting automatically adjusted in the search results- this we don't want. We know that all events are indexed with the correct timestamp. How can we use the timestamps that w...
...ATE on the indexed record to be derived from the filename? I suspect that datetime.xml may be involved somehow. As an added complication, the logfile is read by a local (not lightweight) agent, p...