I have log data that has a timestamp in this format 20160530/001020.670
I uploaded the log directly into Splunk to test with and Splunk is ignoring the timestamp and assigning it's own timestamp which does not match the log data.
I cleared the data from that index and re-uploaded the data and currently on the 'Set Sourcetype' step. There's a section labeled 'Timestamp' which has 'Timestamp format' , 'Timestamp prefix' , and 'Lookahead'..
How can I get Splunk to recognize the timestamp 20160530/001020.670 and convert it to 5/30/16 12:10:20.670 AM?