Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Getting date and time from CSV

psow_splunk
Splunk Employee
Splunk Employee
‎10-24-2013 09:24 AM

Hi,

This is on Splunk 5 and I have a csv file sample header as foo,foo2,foo3,foo4,foo5,foo6
The date is on foo3 as 17/5/13 and the time is on foo5 as 815

I have the below in my props

[stype]

INDEXED_EXTRACTIONS = CSV

TIMESTAMP_FIELDS = foo3,foo5

TIME_FORMAT=%d-%m-%y %H%M

SHOULD_LINEMERGE = False

pulldown_type = 1

HEADER_FIELD_LINE_NUMBER = 1

REPORT-stype = stype_extract

and transform

[stype_extract]

DELIMS=","

FIELDS = "foo1", "foo2", "foo3", "foo4", "foo5",

Please kindly advise where i am missing. Thanks

Tags (2)
0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎10-24-2013 10:12 AM

Well, your date format specifies "-", but the data you say uses "/".

Also, indexed extractions only work on Splunk 6.0 and higher, not 5.

0 Karma
Reply
Get Updates on the Splunk Community!

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

At .conf25, Splunk proudly recognized Fast Lane as the 2025 Authorized Learning Partner of the Year. This ...

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...