|Applies To||RSA Product Set: NetWitness Logs & Network|
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 10.x, 11.x
O/S Version: 6, 7
|Issue||What are the differences in time, event.time and event.time.str meta keys found in log sessions in Security Analytics or NetWitness?|
|Resolution||time: Displays the time at which the event was received by the Log Decoder.|
event.time: Displays the time when the event was created as found in the event.
event.time.str: Displays the time prefixed by the Log Collector when the event was ingested into it.