There is no time field in my log, and I tried to get the time from the source file name. I tried the settings below.

myfile

/var/log/data_01_20220507
/var/log/data_02_20220506
.
.

transforms.conf

[get_date]
SOURCE_KEY=MetaData:Source
REGEX=/var/log/data_01_\d+_(?P<date>\d+)\.LOG

[set_time]
INGEST_EVAL= _time = strptime(date,"%Y%m%d") + random() %1000

props.conf

[mysourcetype]
DATETIME_CONFIG =
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
NO_BINARY_CHECK = true
disabled = false
TRANSFORMS-time_set= get_date , set_time

However, it is timed in real time and the settings do not take effect.

The universal forwarder sends data to the indexer, and I put this setting in the indexer.

What's the problem?
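An offline check of the REGEX from the [get_date] stanza against the source paths as they are written in the post, added here as an example and not part of the original post. Python's re module stands in for the indexer's regex engine, the third path is constructed to fit the shape the pattern expects, and UTC is assumed for the date conversion.

```python
import re
from datetime import datetime, timezone

# REGEX copied verbatim from the [get_date] stanza in the post.
GET_DATE_REGEX = r"/var/log/data_01_\d+_(?P<date>\d+)\.LOG"

# Source paths exactly as they are listed in the post.
POSTED_SOURCES = ["/var/log/data_01_20220507", "/var/log/data_02_20220506"]

# Constructed path (assumption, not from the post) with the shape the
# pattern requires: data_01_<digits>_<date>.LOG
CONSTRUCTED_SOURCE = "/var/log/data_01_0001_20220507.LOG"


def extract_date(source):
    """Return the 'date' capture group, or None when the REGEX does not match."""
    match = re.search(GET_DATE_REGEX, source)
    return match.group("date") if match else None


def to_epoch(date_str):
    """Parse %Y%m%d as the strptime() call in [set_time] does (UTC assumed here)."""
    if date_str is None:
        return None
    try:
        parsed = datetime.strptime(date_str, "%Y%m%d")
    except ValueError:
        return None
    return int(parsed.replace(tzinfo=timezone.utc).timestamp())


def report(sources):
    """Map each source path to (captured date, epoch seconds)."""
    return {s: (extract_date(s), to_epoch(extract_date(s))) for s in sources}


if __name__ == "__main__":
    for src, (date, epoch) in report(POSTED_SOURCES + [CONSTRUCTED_SOURCE]).items():
        if date is None:
            print(f"{src}: REGEX does not match, no date captured")
        else:
            print(f"{src}: date={date} epoch={epoch}")
```

Running the same check against the real source values of the affected events shows whether a date is captured at all before the time assignment is examined.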