I acquired some logs from a scrip (close to ps.sh) with a timestamp correctly recognized at index time.
The problem is that the "timestamp" field is always equal to "none" so I cannot have the other date fields (date_wday, date_hour, etc...).
I tried to configure the TIMESTAMP_FORMAT but I always acquire events with "timestamp=none".
Anyone has any idea?
thank you in advance.
Bye.
Giuseppe
↧
