I am a newbie and I have understood basics on how to use the props.conf. But I dont find any doc on ingesting events from AWS SQS then how do I config the props.conf file to include event_timestamp as _time.
Definition says in props.conf is always based on `source | sourcetype | host`; correct me here if I am wrong. But in case of AWS SQS, all the 3 values are same for more than 1 index. I want this change only for 1 specific index.
Appreciate some insight
↧