Hi, I created my custom input (mytest.conf.tmpl) by coping the /opt/sc4s/local/config/log_paths/lp-example.conf.tmpl. When I send following event to SC4S from port 5144, timestamp is extracted as attach "1/28/21 4:31:30.000 PM" . I see that timestamp is extracted by adding three hours to this (Jan 28 13:21:30 ) However when I read from file mytest123.log, as you can see timestamp is extracted correctly 1:21:27 PM. props.conf for mytest123.log [sc4s:forcepoint] TIME_PREFIX= \srt= MAX_TIMESTAMP_LOOKAHEAD=15 How can I extract timestamp correctly? Thanks, Converted 13 digit epoch time = Thursday, January 28, 2021 1:21:27 PM GMT+03:00 "<13> Jan 28 13:35:04 myhost vendor=myvendor product="My xx Security" version=9.9.9 event=Message dvc=111.111.111.111 dvchost=myhost rt=1611829287000 externalId=999999900000000 messageId=mmmmm suser="abcd@xxx.com" duser="aa.bb@xxxx.com " msg="MY Event""
... View more