How do I set up a custom schema using fastmatch if the logs I'm using have timestamps in a format like the following?
Feb 16 15:52:45 system app[123]: Message with spaces
Fastmatch doesn't support timestamps with spaces because fastmatch treats spaces as a delimiter. For logs like the sample above, we would recommend using regex, such as the following.
([A-Z][a-z]+ \d{1,2} \d{2}:\d{2}:\d{2}) (.*)
For more information about fastmatch, see our documentation here.
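The regex above applied to a few log lines in Python, as an added example that is not part of the original answer or the product's own code. The function names, the year argument and the second and third sample lines are constructed for illustration; the example also collects the lines the pattern does not match so they can be reviewed instead of silently dropped.

```python
import re
from datetime import datetime

# The regex from the answer above: group 1 = timestamp, group 2 = rest of line.
# Anchoring at the start of the line via re.match is an assumption of this example.
LINE_RE = re.compile(r"([A-Z][a-z]+ \d{1,2} \d{2}:\d{2}:\d{2}) (.*)")

# Constructed sample lines (the first is the sample from the question).
SAMPLE_LINES = [
    "Feb 16 15:52:45 system app[123]: Message with spaces",
    "Feb  6 09:01:02 system app[123]: day padded with two spaces",
    "2024-02-16T15:52:45Z system app[123]: ISO timestamp",
]

def parse_line(line, year):
    """Return (datetime, rest) if the line matches, else None.

    The timestamp carries no year, so the caller supplies one (assumption).
    """
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2)

def parse_all(lines, year):
    """Split lines into parsed events and lines the regex did not match."""
    parsed, unmatched = [], []
    for line in lines:
        result = parse_line(line, year)
        if result is None:
            unmatched.append(line)
        else:
            parsed.append(result)
    return parsed, unmatched

if __name__ == "__main__":
    events, rejects = parse_all(SAMPLE_LINES, year=2024)
    for ts, rest in events:
        print(ts.isoformat(), "|", rest)
    for line in rejects:
        print("UNMATCHED:", line)
```

Syslog-style sources that pad single-digit days with an extra space produce lines like the second sample, which this pattern leaves unmatched.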