I have i feeling I already know the answer to this (which is probably "can't be done") but worth a shot.
The application logs I'm recording have the unfortunate incident of having no year specified in the timestamp for the log events, so it always assumes it's current year. There are exceptions: in the log event message for application startup it will specify the year. So i would like to pull the year from that event and then attach it as the year for every subsequent event in that log file until it hits the next startup event.
Is this possible? Will this need to be done by a third-party program/script prior to being pushed to Logstash?