Timestamp Issues
Issue:
Event timestamp & _time field do not match
Scenario-1:
Scenario-1:
All events are showing the same Timestamp (current timestamp)
Root Cause:
Root Cause:
Event timestamp is not in the standard format.
Solution:
Solution:
Configure your custom timestamp format in the sourcetype, as shown below in props.conf file