We have had the need to inject various logs into Elastic for searching/reporting, but are struggling to get the parsing right away. Is there a way to natively have several patterns that search the logs for standard date/time stamps and use those date/timestamps for injected logs instead of processed time? I understand there is some work needed to get grok patterns built out, but it would help analysts out of the box if we could use this to inject dynamic logs and use the raw date/time to timeline out logs even if they were not fully normalized. If not, could this be a feature request?
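One way to do what the post asks for with stock Elasticsearch is an ingest pipeline whose grok processor tries several timestamp patterns in order, followed by a date processor that turns the first match into @timestamp; this is an added example, not code from the thread or from Elastic, and the pipeline name `raw-log-timestamps` (for `PUT _ingest/pipeline/raw-log-timestamps`), the raw `message` field and the `event.timestamp_source` marker field are assumptions. Lines with no recognisable timestamp, or one the date processor cannot parse, keep the ingest time and are tagged so analysts can tell normalized records from fallback ones. SYSLOGTIMESTAMP carries neither year nor zone, so for those lines the configured `timezone` and the current year are assumed.

```json
{
  "description": "Prefer a timestamp found in the raw message over ingest time",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": [
          "%{TIMESTAMP_ISO8601:log_ts}",
          "%{HTTPDATE:log_ts}",
          "%{SYSLOGTIMESTAMP:log_ts}"
        ],
        "ignore_failure": true
      }
    },
    {
      "date": {
        "if": "ctx.log_ts != null",
        "field": "log_ts",
        "target_field": "@timestamp",
        "formats": [
          "ISO8601",
          "dd/MMM/yyyy:HH:mm:ss Z",
          "MMM  d HH:mm:ss",
          "MMM dd HH:mm:ss"
        ],
        "timezone": "UTC",
        "on_failure": [
          { "remove": { "field": "log_ts" } }
        ]
      }
    },
    { "set": { "if": "ctx.log_ts == null", "field": "@timestamp", "value": "{{_ingest.timestamp}}" } },
    { "set": { "if": "ctx.log_ts == null", "field": "event.timestamp_source", "value": "ingest" } },
    { "set": { "if": "ctx.log_ts != null", "field": "event.timestamp_source", "value": "message" } }
  ]
}
```

Run `POST _ingest/pipeline/raw-log-timestamps/_simulate` with a handful of representative log lines to confirm which branch each one takes before attaching the pipeline to an index or data stream.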