If I have a custom sourcetype with fields delimited by `,`, the first field in the data is what I want to extract as the event time. What should be in the transforms.conf file for the FIELDS = ?
The data looks like: `05-Oct-2016 12:45:17, Jon, Sally, Sue,`
How should I configure transforms.conf? `FIELDS = ????, Name1, Name2, Name3`
↧