Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Can splunk extract timestamp till nano seconds

ips_mandar
Builder
‎09-18-2020 10:14 AM

Hi
I am trying to extract timestamp including nanoseconds but I am able to extract only 7 digits of nanoseconds though I used %9N in TIME_FORMAT.
Below is my sample event-

 

10,11/03/20 04:00:00.000000010,11/03/20,04:00:00,Zx: 6037,04:00:00,48d4c21c3014850838840a460424c05b20412128053ce6074720006e00f1ff5500000000000000,Mod=2,AckReq=0,RtBits=0,MsgSeq=35,OnRte=1,Id=46,VId=6037

 

 Below is my props.conf -

 

[abc_logs_st]
LINE_BREAKER = ([\r\n]+)
SHOULD_LINEMERGE = false
NO_BINARY_CHECK = true
category = Custom
pulldown_type = 1
disabled = false
TIME_PREFIX = ^\d+\,
MAX_TIMESTAMP_LOOKAHEAD = 30
TIME_FORMAT = %m/%d/%y %H:%M:%S.%9N

 

Why Splunk is considering only 7 digits after decimal..Is this bug in Splunk?


 Thanks.

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎09-18-2020 10:43 AM
Yes splunk can extract it to ms. Your data an props seems to be correct. You can test it with splunk by trying to add this data with splunk and use Setyings -> add data -> files and directories -> monitor. Then you can evaluate/check that props with your data and try to find what needs to change.
r. Ismo
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...