I have a logfile that generates exceptions. When there is no exception it just generates event lines with a header and a footer.
These events without a timestamp generate timestamp parsing issues as expected.
This is shown in the MC-->ndexing->Inputs-Data Quality->Timestamp Parsing issues.
All correct so far....
So I have created a props and transforms to send these garbage header and footer events to the nullqueue. This works fine.
When I now search for this sourcetype the garbage events do no show up anymore. Exactly what I want....
But in the Monitoring Console this sourcetype / header footer garbage events still generate timestamp parsing issues.
I think this is a bug in Splunk?