Archive

Timestamp creation- index time from csv file

Path Finder

Hi All,

I have a situation where the data is in csv format and first two columns have date and time information, my requirement is to create _time using both columns during indexing.

Sample Logs:
012518,12:34:41:163,1
012618,16:04:42:100,10

I am facing problems in creating configs for the same.

_
Regards,
Sidhant

Tags (1)
0 Karma
1 Solution

SplunkTrust
SplunkTrust

hey,

Just assign below in inputs.conf wherever your monitor stanza is!

[<your_monitor_stanza>]
index = <your_index>
sourcetype = csv

Let me know if this helps!

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

hey,

Just assign below in inputs.conf wherever your monitor stanza is!

[<your_monitor_stanza>]
index = <your_index>
sourcetype = csv

Let me know if this helps!

View solution in original post

0 Karma

Path Finder

It helps @mayurr98 , but I have a custom sourcetype, although I could find the solution: TIME_FORMAT=%m%d%y,%H:%M:%S:%3N

0 Karma

SplunkTrust
SplunkTrust

yeah, if you have a custom sourcetype then TIME_FORMAT=%m%d%y,%H:%M:%S:%3N this would do!

0 Karma

Champion
DATE,TIME,COUNT
012518,12:34:41:163,1
012618,16:04:42:100,10

Can you retrieve it with data source CSV? In my environment _time has been set without any particular settings.

0 Karma

Path Finder

Yes, correct! This is because you are using default sourcetype(csv). I have a custom sourcetype.

0 Karma