Workaround:
Replace with: ${S_FULLDATE}
Step 5.) Next, check the Global options checkbox and then commit your changes.
NOTE: These changes will need to be made on any/all sources in wish it is desired to be able to search using the Timestamp.
Once done the Timestamp will become searchable using the following criteria:
nvpair:.sdata.custom@18372.4.timestamp=YEAR\ MONTH(Abbreviated to 3 characters)\ \ DAY\ HOUR:MINUTE:SECOND
An example of this would look like this:
nvpair:.sdata.custom@18372.4.timestamp=2019\ Jul\ \ 5\ 10:19:29
If searching for all logs on July 5th, 2019 the following search could be used:
nvpair:.sdata.custom@18372.4.timestamp=*2019*Jul*5
Ifsearching for all logs on July 5th, 2019 at 10am in the morning the following search could be used:
nvpair:.sdata.custom@18372.4.timestamp=*2019*Jul*5*10:*:*
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책 Cookie Preference Center