I would like to ask a doubt: for the following time format, we can use the following timestamp, just for an example time format:2020-11-09 11:20:35 timestamp:%Y-%m-%d %H:%M:%S   here is my doubt for the following 13 digit epoch time format which timestamp can we use? time format:1589479343000 timestamp:?  working on the Eventgen app to generate the 13 digit epoch time.   Thanks in Advance ... View more

Hi Everyone, I've added a txt file to SA-Eventgen sample folder and wrote the configuration in the eventgen.conf file as follows. [mihealth-https_error] mode = sample interval = 15 earliest = -15s latest = now count = 25 hourOfdayRate = { "0": 0.8, "1": 1.0: "2": 0.9, "3":0.7, "4":0.7, "5":0.7, "6":0.7, "7":0.7, "8":0.7, "9":0.7, "10":0.7, "11":0.7, "12":0.7, "13":0.7, "14":0.7, "15":0.7, "16":0.7, "17":0.7, "18":0.7, "19":0.7, "20":0.7, "21":0.7, "22":0.7, "23":0.7 } dayOfWeekRate = { "0": 0.7, "1": 0.7, "2": 0.7, "3": 0.6, "4": 0.8, "5": 1.0, "6": 0.9 } randomizeCount = 0.2 randomizeEvents = true outputMode = modinput sourcetype = eventgen_test3 source = eventgendemo3 index = eventgen token.0.token = \[(\w+\s\w+\s\d+\s\d+:\d+:\d+.\d+\s\d+)\] token.0.replacementType = timestamp token.0.replacement = %a %b %d %H:%M:%S.%6N %Y token.1.token = \(\w+\s\w+.(\w+).\w+:\d+\) token.1.replacementType = file token.1.replacement = $SPLUNK_HOME/etc/apps/SA-Eventgen/samples/orderType.sample   the txt data look like this in the sample folder: [Thu Jun 04 09:37:31.838874 2020] [ssl:info] [pid 24583] [client 10.10.10.1:39900] NC00000: Connection to child 8 established (server core.Company.com:443) it is not generating any events, could you please help me? Thanks in advance ... View more