timestamp
epoch
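# get epoch timestamp
# Without an offset, date reads the string in the host's local time zone, so the
# same command gives different epochs on different machines. The value shown
# below (1704090972) equals 07:36:12 at UTC+01:00; stating the offset makes the
# conversion reproducible when lining up log sources in a timeline.
date --date='2024-01-01 7:36:12 +0100' +"%s"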
1704090972
# get ISO timestamp
# jq's todate renders epoch seconds as an ISO 8601 string in UTC (trailing "Z"):
# 1704090972 -> "2024-01-01T06:36:12Z"
printf '%s\n' 1704090972 | jq 'todate'
apache
aws-alb
```NOTE(review): AWS region names end in a number (e.g. sa-east-1); an exact match on "sa-east" finds nothing unless this is a shortened sample value - confirm, or match sa-east*```
```NOTE(review): 123456789 looks like a placeholder; AWS account IDs are 12 digits```
sourcetype="aws:elb:accesslogs" Records{}.awsRegion="sa-east" "Records{}.eventSource"="elasticloadbalancing.amazonaws.com"
"Records{}.resources{}.accountId"=123456789
IIS
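# aspx webshell - top referer
# Field 11 is cs(Referer) only with the default W3C field order; IIS field
# selection is configurable, so check the "#Fields:" header of the logs first.
# -F matches ".aspx" literally (the regex ".*.aspx" also matched e.g. "xaspx"),
# -i also catches requests logged as .ASPX (IIS serves paths case-insensitively),
# -h drops the "file:" prefix grep adds when several logs match.
# sort -rn lists the most frequent referer first; one-off referers at the
# bottom are often the more interesting ones when hunting a webshell.
grep -hiF -- '.aspx' *.log | cut -d ' ' -f11 | sort | uniq -c | sort -rn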