Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to add a timestamp to a CSV file that will display the creation time instead of default modtime when parsing?

sergiu_popescu
New Member
‎10-10-2016 08:24 AM

I have the following problem:

I receive some text files (comma separated) which I need to index and search. Problem is that the files do not contain a field with a timestamp, and I would like to add as timestamp the file CREATION date and time instead of Splunk default file modtime (which apparently is the "last modified" attribute). I really don't have other ways, it's the first thing I thought about, this scenario (when I receive the files and index them afterwards) is the only feasible scenario. Any help would be highly appreciated, usually I find this type of info by myself, but I keep failing this time...

So, to summarize, I can't change the file names (the script which generates them is unaccessible), don't have access to the files original location (security reasons) - ergo I need to work on this particular scenario with file creation time instead of file last modified.

0 Karma
Reply

salmiahsan
New Member
‎07-23-2017 01:36 AM

Suggestion : Add dummy time and date column and save to any other file format . and revert back to .csv with dummy date and time remaining. ,You need to add a dummy column for date and time and save it .

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...