Hi Splunk et al,
I am working on using eventgen to use access and secure logs.
My test/sample app works, as I am seeing events in my data summary, but the timestamps are off. I am seeing the original date/time of the timestamps in my sample log, and not events with current dates and times.
How do I fix that?
Thanks,
Andrew
P.S. Below is my code from my eventgen.conf in my sample app:
[www1access.log]
index = access
outputMode = modinput
sourcetype = andrew_access
source = www1access.log
interval = 300
earliest=now
latest=now
maxIntervalsBeforeFlush = 1
host = www5