@gcusello yeah i tried the data add via upload, there when i select sourcetype as csv there i can see the timestamp field. 

Hi @phanikumarcs,

the timestamp field is one of the columns of your csv file or it's automatically generated by Splunk because it isn't present in the csv file?

I don't see the timestamp field in the screenshot you shared.

In your screenshot and in your table there are only the following fields: Subscription Name, Resource Group Name, Key Vault Name, Secret Name, Expiration Date, Months.

Ciao.

Giuseppe

@gcusello

Thanks for you help to understand the issue. 

Case1:

Actually, there is no timestamp present in the provided csv. In the snapshot you're seeing the data is getting from sample i ingested from the dev machine via UF, here even i am not able to see in the events no "timestamp" field. 

Case2:

When i upload the csv in the data inputs, after selecting the sourcetype as "cmkcsv" there it is showing the timestamp field. So here whatever settings i added in the advance it's not at all removing the warning flag as "failed to parse timestamp defaulting to file modtime"

[ cmkcsv ]
DATETIME_CONFIG=CURRENT
INDEXED_EXTRACTIONS=csv
KV_MODE=none
LINE_BREAKER=\n\W
NO_BINARY_CHECK=true
SHOULD_LINEMERGE=false
TIME_FORMAT=%Y-%m-%d %H:%M:%S
TRUNCATE=200
category=Structured
description=Comma-separated value format. Set header and other settings in "Delimited Settings"
disabled=false
pulldown_type=true
TIME_PREFIX=^\w+\s*\w+,\s*\w+,\s*
MAX_TIMESTAMP_LOOKAHEAD=20

@gcusello Yeah, understood and did the same thankyou.
@ITWhisperer  any idea, need help here
So now i ingested the csv file, from this i am getting the 

index=foo host=nx7503 source=C:/*/mkd.csv
Fields:
Subscription
Resource
Key Vault
Secret
Expiration Date
Months

CSV file:

And from the lookup(foo.csv)

Lookup: foo.csv

when the "Expiration Date" match the "Resource" and "environment" trigger the alert and send mail to the respective emails(appOwner), how to get this.

I am not sure what you are asking of me here - your original issue seems to have been solved by @gcusello 

Hi @ITWhisperer  yes that is resolved. No worries.
@gcusello @ITWhisperer  please help

This is the other issue which is related to csv dataset and lookup dataset.

From this SPL: source="cmkcsv.csv" host="DESKTOP" index="cmk" sourcetype="cmkcsv"

Getting output below

From this lookup: | inputlookup cmklookup.csv
Getting output below

Combine the two queries into one, where the output will only display results where the 'environment' and 'Resource' fields match. For instance, if 'G01462' matches in both fields across both datasets, it should be included in the output. How i can do this, could anyone help here to write spl. I wrote some of the Spls but it's not working for me.

source="cmkcsv.csv" host="DESKTOP" index="cmk" sourcetype="cmkcsv"
|join type=inner [ | inputlookup cmklookup.csv environment]

source="cmkcsv.csv" host="DESKTOP" index="cmk" sourcetype="cmkcsv"
| lookup cmklookup.csv environment AS "Resource" OUTPUT "environment"

Hi @phanikumarcs 

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

If it is a new / different issue, please raise it as a new question, that way the solved one can stay solved and people can look to help with the unsolved one.

Done thank you @ITWhisperer