I have syslog files that are in the directory structure of system/Hosts/year/month/day
I've been able to get the indexer to list the file date as date time (Aug 13 2:00:01) based on input to props.conf.
What I would really like to do is combine the year directory name combined with the date time (2013 Aug 13 2:00:01). Can anyone tell me if this is possible and if so how to do it. Without the year I'm not sure how I would be able to search for events happening at specific year month day
TIA
PJ