https://community.splunk.com/t5/Getting-Data-In/How-configure-Splunk-to-get-the-correct-timestamp-from-SQL-data/m-p/115595#M24173 <P>Thank you! It's worked! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 09 Sep 2014 16:28:32 GMT danielvalle 2014-09-09T16:28:32Z https://community.splunk.com/t5/Getting-Data-In/How-configure-Splunk-to-get-the-correct-timestamp-from-SQL-data/m-p/115593#M24171 <P>Hi, </P> <P>I am using Splunk to get data files from SQL queries. One of the fields in the document corresponds to the date.</P> <P>I can assign the format required:</P> <P>01/25/2014<BR /> 01/25/2014 <BR /> 2014/01/25 <BR /> etc. .. </P> <P>Right now, I'm testing with a file with the following format:</P> <TABLE><THEAD> <TR> <TH>Timestamp</TH> <TH>CUENTA</TH> <TH>IP</TH> </TR> </THEAD><TBODY> <TR> <TD>11/22/00</TD> <TD>reportes</TD> <TD>192.168.60.10</TD> </TR> <TR> <TD>02/15/00</TD> <TD>admin</TD> <TD>192.168.1.24</TD> </TR> <TR> <TD>01/27/00</TD> <TD>publico</TD> <TD>192.168.1.82</TD> </TR> <TR> <TD>01/27/00</TD> <TD>publico</TD> <TD>192.168.1.82</TD> </TR> <TR> <TD>01/27/00</TD> <TD>publico</TD> <TD>192.168.1.82</TD> </TR> </TBODY></TABLE> <P>but I can not get Splunk correctly recognize the timestamp field and when I preview the result before the load is as follows: </P> <P>Timestamp Timestamp CUENTA IP<BR /> 1 9/9/01 1:48:19.000 PM -----------+--------------+----------------- N/A N/A<BR /> 2 9/9/01 1:48:19.000 PM 11/22/00 reportes 192.168.60.10<BR /> 3 9/9/01 1:48:19.000 PM 02/15/00 admin 192.168.1.24<BR /> 4 9/9/01 1:48:19.000 PM 01/27/00 publico 192.168.1.82<BR /> 5 9/9/01 1:48:19.000 PM 01/27/00 publico 192.168.1.82<BR /> 6 9/9/01 1:48:19.000 PM 01/27/00 publico 192.168.1.82<BR /> 7 9/9/01 1:48:19.000 PM 01/27/00 admin 192.168.1.82<BR /> 8 9/9/01 1:48:19.000 PM 01/27/00 admin 192.168.1.82<BR /> 9 9/9/01 1:48:19.000 PM 01/27/00 cat 192.168.1.82<BR /> 10 9/9/01 1:48:19.000 PM 01/27/00 admin 192.168.1.82<BR /> 11 9/9/01 1:48:19.000 PM 02/09/00 admin 127.0.0.1</P> <P>Do I have to configure the data file in some special way? Should I somehow configure Splunk to recognize the value of the timestamp field? </P> <P>Thank you very much for your help,</P> Mon, 08 Sep 2014 16:26:57 GMT https://community.splunk.com/t5/Getting-Data-In/How-configure-Splunk-to-get-the-correct-timestamp-from-SQL-data/m-p/115593#M24171 danielvalle 2014-09-08T16:26:57Z https://community.splunk.com/t5/Getting-Data-In/How-configure-Splunk-to-get-the-correct-timestamp-from-SQL-data/m-p/115594#M24172 <P>use this in props.conf<BR /> MAX_DAYS_AGO=10951<BR /> NO_BINARY_CHECK=1<BR /> SHOULD_LINEMERGE=false<BR /> TIME_FORMAT=%m/%d/%y<BR /> TIME_PREFIX=^</P> <P>or write in advanced mode(props.conf) in text (web) when you are doing preview</P> Mon, 28 Sep 2020 17:31:12 GMT https://community.splunk.com/t5/Getting-Data-In/How-configure-Splunk-to-get-the-correct-timestamp-from-SQL-data/m-p/115594#M24172 kml_uvce 2020-09-28T17:31:12Z https://community.splunk.com/t5/Getting-Data-In/How-configure-Splunk-to-get-the-correct-timestamp-from-SQL-data/m-p/115595#M24173 <P>Thank you! It's worked! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 09 Sep 2014 16:28:32 GMT https://community.splunk.com/t5/Getting-Data-In/How-configure-Splunk-to-get-the-correct-timestamp-from-SQL-data/m-p/115595#M24173 danielvalle 2014-09-09T16:28:32Z