Searching based on actual event time?

Question asked by Ronald Roskens on Aug 8, 2018

NwLogDecoder crashed on us, and it took a couple of days before this was fixed. In the meantime, logs queued up, and after parsing, their meta field time is now different from the meta field event.time.

When I try to search for these log messages, I can't use the time picker (Ex: Last 5 minutes) in the display because it uses the meta field time which is from yesterday instead of 4 days ago when the log concentrator received the message.
