It recognizes the datetime correctly based on the first line, but it seems to randomly be grouping up lines.
Example log that has wildly different times, but Splunk thinks is a single event
[INFO][DesDycrptor][20170911-19:55:46.798] Decrypting file: equity_option_open_uf.dif.gz.enc.20170911
[INFO][DesDycrptor][20170911-19:55:46.800] Unzipping file: equity_option_open_uf.dif.gz
[INFO][S3Client][20170911-19:55:46.803] Copying file: /tmp/###############-7351797381042467611/equity_option_open_uf.dif to s3 bucket: ###################### key: ##########/#######/2017/09/11/equity_option_open_uf.dif.20170911.
↧