Hi,
I'm trying to redefine the timestamp for my resource that contains data as follows:

DBInit-27,21/02/2013 9:28:26,22/02/2013 16:30:16,0,R_1812,0,Netscape3.0,0,0,3,172.21.0.132,172.21.0.132,ohm-web-7.9.0-SNAPSHOT (6f5d6 - 2013-02-26 13:58:14),20130301_110723,1/03/2013 11:12:38,1/03/2013 11:12:45,7,True,DAVIDJ-3500,x86,4

By default, the timestamp that is extracted is the first one that it encounters, being 21/02/2013 9:28:26 in this case. However, I want to make the timestamp to be 1/03/2013 11:12:38 (the one before the last timestamp). For this, I added the following in C:\Program Files\Splunk\etc\apps\search\default\props.conf:

[source::C:\\Temp\\testResultLog.csv]
TIME_PREFIX = \d{8}_\d{6},
TIME_FORMAT = %d/%m/%y %H:%M:%S


The regex matches 20130301_110723, expecting to define the timestamp as I desire, as is explained in the manual.
Unfortunately, this has no effect; I tried to stop and start splunk; did a source="C:\\Temp\\testResultLog.csv" | extract reload=T; all to no effect ..

Thanks!