How does SumoLogic automatic timestamp parsing work? Does it parse a line of log output and stop at the first occurrence of what appears to be a timestamp? What formats does it support?
I am aware that you can specify an exact format though I'm curious what default behavior is.
The Sumo collector has a list of Regexes that match potential timestamps. It then stops at the first match. Formats similar to http://docs.oracle.com/javase/6/docs/api/java/text/SimpleDateFormat.html are usually supported, in addition to some epoch formats of 10, 13 digits (with or without up to 3 fractional digits).
