Getting Data In

Add File Date Info to Monitored File Date

hartfoml
Motivator

I have a folder that a user puts files in on a semi regular bases. I monitor the folder for new files and put the items in the file into a separate index to use for search. I dedup the events before doing the search so that I don't search for any event twice even if the entry is put in the index twice because the event is in multiple files in the folder. I would like to add the file date to each event in the file so that I know when an event was created. the date on the file is the creation date not the date of index.

How can I add the file date onto each event in the file that is being indexed?

Tags (2)
0 Karma
1 Solution

Ayn
Legend

If file date == index date, just use the field _indextime which holds this information.

View solution in original post

0 Karma

Ayn
Legend

If file date == index date, just use the field _indextime which holds this information.

0 Karma

hartfoml
Motivator

In most cases the file date will be the _indextime date field. the file may be created and moved into the folder on different dates. the file may be created on 5/22 but not put in the folder till 5/23. I would like all the events in the file to have the 5/22 origination date not the indexed date. Thanks for the tip and I will use the _indextime unless anyone else has a suggestion.

Thanks Ayn

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...

Data Management Digest – June 2026

Welcome to the June 2026 edition of Data Management Digest! This month’s update is short and sweet, with a ...

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...