Solved: CSV file import, problem with date format

tompadora · ‎11-27-2017

I have been trying to onboard at custom dataset into splunk as a csv file.
But the dateformat doesnt get right.

199703260005,1997,3,26,,0,,160,Philippines,5,Southeast

First is the year 4 digits , then month 2 digits and date 2 digits and a prefix
Any suggestions?
Thanks in advance
/Thomas

MuS · ‎11-27-2017

Hi tompadora,

if the time the first combination of 199703260005 then add the following line to your props.conf:

[cvsSourceTypeNameHere]
TIME_FORMAT = %Y%m%d

if it is the second one ,1997,3,26 then add this to your props.conf:

[cvsSourceTypeNameHere]
TIME_PREFIX = \d{12},
TIME_FORMAT = %Y,%m,%d

Hope this helps ...

cheers, MuS

View solution in original post

woodcock · ‎11-27-2017

You will almost certainly have to adjust some other limit settings in order for your events to be indexed, namely MAX_DAYS_AGO, otherwise you will see the events skipped with a log like "YourOldTimeHere is outside of the acceptable time window".

MuS · ‎11-27-2017

Hi tompadora,

if the time the first combination of 199703260005 then add the following line to your props.conf:

[cvsSourceTypeNameHere]
TIME_FORMAT = %Y%m%d

if it is the second one ,1997,3,26 then add this to your props.conf:

[cvsSourceTypeNameHere]
TIME_PREFIX = \d{12},
TIME_FORMAT = %Y,%m,%d

Hope this helps ...

cheers, MuS

CSV file import, problem with date format

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

Join the Conversation