<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Unable to extract timestamp from CSV file in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Unable-to-extract-timestamp-from-CSV-file/m-p/540077#M90442</link>
    <description>&lt;P&gt;hi&amp;nbsp;&lt;a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/109754"&gt;@rajasha&lt;/a&gt;,&lt;BR /&gt;Drop&amp;nbsp;&lt;SPAN&gt;&lt;STRONG&gt;TIME_PREFIX&lt;/STRONG&gt; and&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;&lt;STRONG&gt;TIME_FORMAT&lt;/STRONG&gt;.&lt;/SPAN&gt;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;[websense:cg:kv]
TIMESTAMP_FIELDS = Date,Time
TRANSFORMS-eliminate_header = eliminate_header
INDEXED_EXTRACTIONS = CSV
FIELD_DELIMITER = ,
HEADER_FIELD_LINE_NUMBER = 1&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;If this reply helps you, an upvote/like would be appreciated.&lt;/P&gt;</description>
    <pubDate>Tue, 16 Feb 2021 11:20:21 GMT</pubDate>
    <dc:creator>manjunathmeti</dc:creator>
    <dc:date>2021-02-16T11:20:21Z</dc:date>
    <item>
      <title>Unable to extract timestamp from CSV file</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Unable-to-extract-timestamp-from-CSV-file/m-p/540057#M90435</link>
      <description>&lt;P&gt;I'm trying to extract timestamp exactly from the CSV for each event, but doesnt happen. It show only indexed time in the search head results. Anything I'm doing here wrong ?&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Props.conf&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;[websense:cg:kv]&lt;BR /&gt;TIME_PREFIX ="(.*?1)","(.*?)"&lt;BR /&gt;TIME_FORMAT=[%d/%m/%y %H:%M:%S]&lt;BR /&gt;TRANSFORMS-eliminate_header = eliminate_header&lt;BR /&gt;INDEXED_EXTRACTIONS = CSV&lt;BR /&gt;FIELD_DELIMITER = ,&lt;BR /&gt;TIMESTAMP_FIELDS = Date,Time&lt;BR /&gt;HEADER_FIELD_LINE_NUMBER = 1&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Transforms.conf&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;[eliminate_header]&lt;BR /&gt;REGEX = "Date"|"Time"|"Action"|"Category Name"|"Localized Country"|"Policy Name"&lt;BR /&gt;DEST_KEY = queue&lt;BR /&gt;FORMAT = nullQueue&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Sample event:&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;"&lt;/SPAN&gt;&lt;SPAN class="t"&gt;16/02/2021&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;07:19:41&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;Allowed&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;Collaboration&lt;/SPAN&gt; &lt;SPAN class="t"&gt;-&lt;/SPAN&gt; &lt;SPAN class="t"&gt;Office&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;None&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;##DEFAULT_Policy&lt;/SPAN&gt;&lt;SPAN&gt;","abc@ff.com&lt;/SPAN&gt;&lt;SPAN&gt;","eer&lt;/SPAN&gt;&lt;SPAN class="t"&gt;-ltp-55dd8&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;live.com&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;None&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;None&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;pptsgs.officeapps.live.com:443/&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;None&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;None&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;34.98.220.117&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;United&lt;/SPAN&gt; &lt;SPAN class="t"&gt;States&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;52.109.124.129&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;United&lt;/SPAN&gt; &lt;SPAN class="t"&gt;States&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;10.212.168.62&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;None&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;None&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;None&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;None&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;None&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;Unknown&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;Unknown&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;594&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;17711&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;18305.0&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;Endpoint&lt;/SPAN&gt;&lt;SPAN&gt; (&lt;/SPAN&gt;&lt;SPAN class="t"&gt;Proxy&lt;/SPAN&gt; &lt;SPAN class="t"&gt;Connect&lt;/SPAN&gt;&lt;SPAN&gt;)","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;Static&lt;/SPAN&gt; &lt;SPAN class="t"&gt;Classification&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;None&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;443&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;None&lt;/SPAN&gt;&lt;SPAN&gt;","&lt;/SPAN&gt;&lt;SPAN class="t"&gt;Connect"&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 16 Feb 2021 07:39:07 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Unable-to-extract-timestamp-from-CSV-file/m-p/540057#M90435</guid>
      <dc:creator>rajasha</dc:creator>
      <dc:date>2021-02-16T07:39:07Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to extract timestamp from CSV file</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Unable-to-extract-timestamp-from-CSV-file/m-p/540077#M90442</link>
      <description>&lt;P&gt;hi&amp;nbsp;&lt;a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/109754"&gt;@rajasha&lt;/a&gt;,&lt;BR /&gt;Drop&amp;nbsp;&lt;SPAN&gt;&lt;STRONG&gt;TIME_PREFIX&lt;/STRONG&gt; and&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;&lt;STRONG&gt;TIME_FORMAT&lt;/STRONG&gt;.&lt;/SPAN&gt;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;[websense:cg:kv]
TIMESTAMP_FIELDS = Date,Time
TRANSFORMS-eliminate_header = eliminate_header
INDEXED_EXTRACTIONS = CSV
FIELD_DELIMITER = ,
HEADER_FIELD_LINE_NUMBER = 1&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;If this reply helps you, an upvote/like would be appreciated.&lt;/P&gt;</description>
      <pubDate>Tue, 16 Feb 2021 11:20:21 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Unable-to-extract-timestamp-from-CSV-file/m-p/540077#M90442</guid>
      <dc:creator>manjunathmeti</dc:creator>
      <dc:date>2021-02-16T11:20:21Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to extract timestamp from CSV file</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Unable-to-extract-timestamp-from-CSV-file/m-p/540080#M90443</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/129090"&gt;@manjunathmeti&lt;/a&gt;&amp;nbsp;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I implemented the same in HF, but no luck. Still I'm seeing the same Indexed time stamp for all events and not the timestamp present in the csv file for each row. Please help.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 16 Feb 2021 12:24:43 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Unable-to-extract-timestamp-from-CSV-file/m-p/540080#M90443</guid>
      <dc:creator>rajasha</dc:creator>
      <dc:date>2021-02-16T12:24:43Z</dc:date>
    </item>
  </channel>
</rss>

