Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

CSV TImestamp Problem

mehal
New Member
‎10-07-2012 10:38 PM

Hello Folks,

I have a csv file which has timestamp divided among various fields.
(Initial 4 columns are shown)
year,quarter,month,day.....
2000,2,3,15
2009,4,10,23

etc..

now if i specify time format as %Y, %m, %d then it considers quarter as month and month as day.
I want to by-pass quarter and get values of year, month and day.

Can any one tell me how can I achieve this ??

If you have some doubt with question then do let me know.

Mehal

Tags (1)
0 Karma
Reply

dart
Splunk Employee
Splunk Employee
‎10-08-2012 07:06 AM

You'd have to specify a custom datetime.xml for parsing this.

Can you provide a complete sample?

0 Karma
Reply

mehal
New Member
‎10-08-2012 03:22 PM

Year is 4 digits long. example 1999
quarter is 1 digit long. example 3
month is max 2 digits long example 12 or 4
dayofmonth is max 2 digits long example 5 or 23
CRSdeptTime is 4 digits long example 0930 [09 hours 30 min]

0 Karma
Reply

mehal
New Member
‎10-08-2012 03:15 PM
  • also in between dayofweek and CRSDeptTime there are 10-15 columns.
0 Karma
Reply

mehal
New Member
‎10-08-2012 03:10 PM

Hi Dart,

The file has numerous number of data fields (columns)..
They are as below : (shown relevant only )
year,quarter,month,dayofmonth,dayofweek,.......,CRSDeptTime,....
where CRSDeptTIme has hours in from of hhmm.

Now i want to extract fields year, month , dayofmonth and CRSDeptTIme to determine timestamp..
Anyidea on how i can achieve this ???

In case still you have doubt with format plz do let me know.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...