Log Monitoring Classic
Log Monitoring can read and analyze:
System, Security, and Application logs are automatically discovered on hosts. Other custom event-log format logs can be added manually on the environment level. The timestamp is sourced from an event's attribute, Event.System.TimeCreated.<xmlattr>.SystemTime
.
Any plain-text log file is valid as long as it is encoded in UTF-8 or UTF-16. The timestamp is detected automatically when it is present, according to the rules described in Supported timestamp formats (Logs Classic). It is also possible to configure your timestamp. If no timestamp is present, the log format is still valid. In such case, each line that doesn't start with a whitespace is treated as the beginning of a new log record, and is automatically assigned a timestamp that is the time of reading a log record by OneAgent.
There is no specific support for JSON. It is treated as text.
For more details, see Supported timestamp formats.