Hi all,

I have onboarded Linux logs from S3 --> Splunk. I found that an additional timestamp is getting attached to the events. Can you please help me remove the additional timestamp? Below is the expected log format.

Before:

2020-07-01T10:59:58Z messages {"message":"Jun 1 10:59:58 stg-coinbrh: [get_meta] Trying to get http://10.4.3.1/latest/meta-data/network/interfaces/macs/06:c3:45:12:56:12/subnet-ipv4-cidr-block"}
2020-07-01T10:59:58Z messages {"message":"Jun 4 10:59:58 stg-mbcoln: [rewrite_aliases] Rewriting aliases of eth0"}

After:

Jun 1 10:59:58 stg-coinbrh: [get_meta] Trying to get http://10.4.3.1/latest/meta-data/network/interfaces/macs/06:c3:45:12:56:12/subnet-ipv4-cidr-block
Jun 4 10:59:58 stg-mbcoln: [rewrite_aliases] Rewriting aliases of eth0

Please help me define the exact props and transforms settings to achieve this.

Thanks in advance
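The wrapper format shown in the post, parsed offline as an added example (not part of the original post and not Splunk configuration): it is useful for checking sample events before writing the props and transforms rules. The function name `unwrap`, the `WRAPPER` pattern and the last three sample lines are constructed for illustration; the pattern assumes the wrapper is always an ISO-8601 UTC timestamp, a stream name, and a JSON object with a `message` key.

```python
import json
import re

# Wrapper seen in the post: "<ISO-8601 UTC timestamp> <stream name> <JSON object>"
WRAPPER = re.compile(
    r'^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z\s+\S+\s+(\{.*\})\s*$'
)


def unwrap(event: str) -> str:
    """Return the inner syslog line, or the event unchanged if it is not wrapped.

    Passing non-matching events through untouched means a rule built on this
    pattern never drops or mangles log data it does not understand.
    """
    match = WRAPPER.match(event)
    if not match:
        return event
    try:
        payload = json.loads(match.group(1))
    except json.JSONDecodeError:
        return event  # wrapper present but payload is not valid JSON
    message = payload.get("message") if isinstance(payload, dict) else None
    return message if isinstance(message, str) else event


# Constructed sample events: the first is from the post, the rest are edge cases.
SAMPLE = [
    '2020-07-01T10:59:58Z messages {"message":"Jun 4 10:59:58 stg-mbcoln: '
    '[rewrite_aliases] Rewriting aliases of eth0"}',
    # JSON-escaped quotes inside the message: a plain prefix/suffix strip
    # would leave the backslashes in the indexed event.
    '2020-07-01T10:59:59Z messages {"message":"Jun 4 10:59:59 stg-mbcoln: '
    'sudo: COMMAND=/bin/echo \\"hi\\""}',
    # Already in the target format.
    'Jun 4 11:00:00 stg-mbcoln: already plain',
    # Wrapper with a payload that is not valid JSON.
    '2020-07-01T11:00:01Z messages {"message": truncated}',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(unwrap(line))
```

The second sample shows why a pure regex strip of the prefix and trailing `"}` is not equivalent to decoding the JSON: escaped characters in the message stay escaped unless the payload is actually parsed.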