NwLogDecoder crashed on us, and it took a couple of days before this was fixed. In the mean time logs queued up, and after parsing, their meta field time is now different from the meta field event.time.
When I try to search for these log messages, I can't use the time picker (Ex: Last 5 minutes) in the display because it uses the meta field time which is from yesterday instead of 4 days ago when the log concentrator received the message.
Hi Ronald,
you may need to wait till sessions behind in Concentrator config page to be processed to catch up with recent logs.