topic Time Format Help in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Time-Format-Help/m-p/541091#M90554 <P>I am looking for help figuring out how to represent the following timestamp as a prefix for parsing time/start of events. this is contained in some logs i was provided today and am having difficulty figuring out how to get pas the "o'clock" contained within the log files. these are new logs that were indexed under an existing sourcetype that already had a working/existing timestamp format.<BR /><BR />Old format: (majority of logs)<BR /><SPAN>[</SPAN><SPAN class="t"><SPAN class="t h">2021-02-23T14:37:26.659</SPAN>-07:00</SPAN><SPAN>]</SPAN><BR /><BR />New/abnormal format: (some weird new stuff)&nbsp;<BR />&lt;23-Feb-2021 2:21:41 o'clock PM MST&gt;<BR /><BR />I am trying to figure out how best to capture the new format logs from the existing sourcetype and redirect them into the proper timestamp configuration or a new sourcetype of their own.</P> Tue, 23 Feb 2021 21:39:21 GMT rlaan 2021-02-23T21:39:21Z Time Format Help https://community.splunk.com/t5/Getting-Data-In/Time-Format-Help/m-p/541091#M90554 <P>I am looking for help figuring out how to represent the following timestamp as a prefix for parsing time/start of events. this is contained in some logs i was provided today and am having difficulty figuring out how to get pas the "o'clock" contained within the log files. these are new logs that were indexed under an existing sourcetype that already had a working/existing timestamp format.<BR /><BR />Old format: (majority of logs)<BR /><SPAN>[</SPAN><SPAN class="t"><SPAN class="t h">2021-02-23T14:37:26.659</SPAN>-07:00</SPAN><SPAN>]</SPAN><BR /><BR />New/abnormal format: (some weird new stuff)&nbsp;<BR />&lt;23-Feb-2021 2:21:41 o'clock PM MST&gt;<BR /><BR />I am trying to figure out how best to capture the new format logs from the existing sourcetype and redirect them into the proper timestamp configuration or a new sourcetype of their own.</P> Tue, 23 Feb 2021 21:39:21 GMT https://community.splunk.com/t5/Getting-Data-In/Time-Format-Help/m-p/541091#M90554 rlaan 2021-02-23T21:39:21Z Re: Time Format Help https://community.splunk.com/t5/Getting-Data-In/Time-Format-Help/m-p/541106#M90557 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/121623">@rlaan</a>,</P><P>You can use below time format;</P><LI-CODE lang="markup">TIME_PREFIX = &lt; TIME_FORMAT = %d-%b-%Y %I:%M:%S o'clock %p %Z</LI-CODE> Wed, 24 Feb 2021 04:27:34 GMT https://community.splunk.com/t5/Getting-Data-In/Time-Format-Help/m-p/541106#M90557 scelikok 2021-02-24T04:27:34Z