How can I get date from filename and time from ins...

dfigurello · ‎10-09-2015

Hi Splunkers,

How can I get date from filename and time from inside the logs.
For example:

I have a file named LOG_09-10-2015.TXT and inside the log it contains something like:

23450001 value value value value
23450001 value value value value

I'd like to get the date from filename "09-10-15" and the time from file "23:45:00.01".

I tried many configurations but I didn't had suscess.

I changed the configuration at datetime.xml:
I put in "C:\Program Files\Splunk\etc\apps\search\local"

(...)

My props.conf is:

[logs_test]

DATETIME_CONFIG=C:\Program Files\Splunk\etc\apps\search\local\datetime.xml

Let me know if you guys need more information,

Thanks for any suggestions.

badrinath_itrs · ‎10-11-2015

Hi,

Can you take a look into the below article .

Regards,
Badri

dfigurello · ‎10-11-2015

Hi Badri,

I'd seen this topic and I followed all the steps but I didn't had success.
I am trying with Splunk 6.3 in Windows and Linux too.

Regards,

muebel · ‎10-09-2015

hmm, this is a good one heh

How can I get date from filename and time from inside logs.