Normalisation for Miliseconds

Help Center Logpoint Docs Idea Portal Logpoint.com

<123>2024-01-11T11:11:11.123Z hostname
I want to remove two fields from the above rohdaten using normalization, so to say. After normalization I should have the following fields:
milliseconds=123
log_ts=2024-01-11T11:11:11Z

Can I do this in normalization (or signature)? If yes, can you write me the normalization/signature rule?

This problem can be solved like this:

| <<:int>><log_ts:datetime_m> <host:all>

but I don't want that. I want to separate my fields at the beginning using normalization.

Be the first to reply!

Reply

Sign up

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Scanning file for viruses.

This file cannot be downloaded