Gave that a shot and it didn't change anything. The time stamp doesn't work every event, even thought they are structured the same.
Timestamp extract from this event with 2 lines
{"correlationId":"87165dae-6c7f-415f-8133-f30f955cbfb3", "logger":"stuff.XslUtil", "timestamp":"2016-09-22T13:36:58,861 MDT", "level":"INFO ", "threadId":"", "thread":stuff-http--80", "threadPriority":"", "message":"transform operation completed - run timing info: 6 ms"}
{"correlationId":"87165dae-6c7f-415f-8133-f30f955cbfb3", "logger":"stuffController", "timestamp":"2016-09-22T13:36:58,887 MDT", "level":"INFO ", "threadId":"", "thread":"tomcat-http--80", "threadPriority":"", "message":"stuffClasses operation completed - total time: 429 ms"}
Timestamp not extracted from this event with a single line
{"correlationId":"88e9b32e-3666-4615-9eb6-54dc45ac436c", "logger":"kennis.kdp.handler.PassthroughResourceHandler", "timestamp":"2016-09-22T13:36:55,352 MDT", "level":"INFO ", "threadId":"", "thread":"tomcat-http--19", "threadPriority":"", "message":"Denodo part of process completed in 432 ms, resourceEndPoint :[/server/kennis__fund_v2_0/fund_classes/rest/v2/@@fundClass@@/]"}
I'm just dealing with the source types GUI since it's Splunk Cloud. I'd attach some photos, but I don't have enough karma points
... View more