Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

CSV fields and multiple timestamps

rasingh
Path Finder
‎03-08-2011 07:43 PM

I have a csv tab-delimited file with entries that looks like this:

GPDB20A LTO3 L03    03/08/11 06:01:20   1299592880  03/08/11 08:09:46   1299600586

I want to grab the 4th field timestamp. With no TIME_PREFIX, it grabs the timestamp from the second field. When I use the TIME_PREFIX below, it uses the time that the event was indexed:

TIME_PREFIX = (?i)^(?:[^\t]*\t){3}

I got that regex from the field extractor in the GUI.

Any ideas, please?

Tags (2)
Reply
1 Solution
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...