000036816 - Differences on time, event.time and event.time.str meta keys in RSA Security Analytics and NeWitness log sessions.

Document created by RSA Customer Support Employee on Oct 8, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036816
Applies ToRSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 10.x, 11.x
Platform: CentOS
O/S Version: 6, 7
IssueWhat are the differences in time, event.time and event.time.str meta keys found in log sessions in Security Analytics or NetWitness?
Resolutiontime: Displays the time at which the event was received by the Log Decoder.
event.time: Displays the time when the event was created as found in the event.
event.time.str: Displays the time prefixed by the Log Collector when the event was ingested into it.