Log file splitters
The splitters provided with the Insight Pack are described here as a reference for users.
The Insight Pack supports the ISO 8601 timestamp, yyyy-mm-ddTHH:mm:ss.SSSSSSX, where X is the GMT offset. Each log record begins with an ISO-formatted timestamp and is split across timestamp boundaries. An example of the ISO-formatted timestamp generated by rsyslog is:
2013-06-26T12:21:29.471400-04:00
The IBM® Operations Analytics - Log Analysis index function is limited to milliseconds in the date format. The Syslog Insight Pack will annotate the timestamp and round up the microseconds. The sample ISO-formatted timestamp will be indexed with the following format for the index configuration:
yyyy-mm-ddTHH:mm:ss.SSSX
and rendered in the IBM Operations Analytics - Log Analysis search UI as:
06/26/2013 16:21:29.471-04:00
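The following Python sketch is an added illustration, not the Insight Pack's own splitter code. It splits raw text into records at ISO timestamp boundaries and reduces the microsecond timestamp to the yyyy-mm-ddTHH:mm:ss.SSSX index format. The function names, the sample lines after the first timestamp, and the rounding rule (nearest millisecond, carrying into the seconds field) are assumptions; the page only shows 471400 becoming 471.

```python
import re
from datetime import datetime, timedelta

# rsyslog ISO 8601 timestamp: yyyy-mm-ddTHH:mm:ss.SSSSSSX (X = GMT offset)
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{6}[+-]\d{2}:\d{2})")

# Constructed sample: the first timestamp is the one on this page, the rest is made up.
SAMPLE = (
    "2013-06-26T12:21:29.471400-04:00 host1 app[101]: request failed\n"
    "  Traceback: step one\n"
    "  step two\n"
    "2013-06-26T12:21:29.999600-04:00 host1 sshd[202]: session closed\n"
)

def split_records(text):
    """Start a new record at every line that begins with an ISO timestamp;
    any other line is a continuation of the record before it."""
    records = []
    for line in text.splitlines():
        if TS_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += "\n" + line
    return records

def to_millis(ts):
    """Reduce microseconds to milliseconds (assumed rule: round to nearest,
    letting 999.5 ms and above carry into the next second)."""
    dt = datetime.fromisoformat(ts)
    ms = (dt.microsecond + 500) // 1000
    dt = dt.replace(microsecond=0) + timedelta(milliseconds=ms)
    off = dt.strftime("%z")  # e.g. "-0400"
    return (dt.strftime("%Y-%m-%dT%H:%M:%S.")
            + f"{dt.microsecond // 1000:03d}" + off[:3] + ":" + off[3:])

def index_view(text):
    """Return (millisecond timestamp, record) for each timestamped record."""
    out = []
    for rec in split_records(text):
        m = TS_RE.match(rec)
        if m:
            out.append((to_millis(m.group(1)), rec))
    return out

if __name__ == "__main__":
    for ts, rec in index_view(SAMPLE):
        print(ts, "|", len(rec.splitlines()), "line(s)")
```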