All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for GCP: Changing index time from date of ingestion to an already present fields

Théophane_GUE
Loves-to-Learn Lots
‎12-04-2023 04:57 AM

Hello Splunkers,

I m currently implementing a connection from multiple GCP Buket to Splunk enterprise.
The Add-on automatically index the datas from those buckets on the _timestamps it get them (So if I have a list of transactions from mars to november 2023, that are forwarded today, they will still be index at the same time.
However, I would like for some of those datas to be indexed using a timefields present in the data, depending on the apps that use them (For example App 1 has a time fields named "Start_date" and app 2 has another one named "end_date")
Unfortunately, i cant think of a way to do it, maybe in the props.conf file, but I'm not sure.

Any advices? Thanks

Labels (1)
Labels
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...