Getting Data In

How to extract the timestamp from an HTML file?

tfitzgerald_col
Engager

Howdy. I'm trying to index an HTML file, and I cannot, for the life of me, get the timestamp to extract when using the preview. Here's the event:

<abbr class="dt" title="2013-05-27T04:24:58.979Z">May 27, 2013, 4:24:58 AM
GMT</abbr>:
<cite class="sender vcard"><a class="tel" href="tel:+*******"><span class="fn">+**********</span></a></cite>:
<q>Yeah, I'll be there</q></div> 

And here's what I'm using for settings.

TIME_FORMAT = %Y-%m-%dT%H:%M:%S
TIME_PREFIX = <abbr class="\w+" title="
MAX_TIMESTAMP_LOOKAHEAD = 19

It's just not finding the timestamp at all. Any idea why? I've tried a few other iterations, even going so far as to make the prefix <.*>, and setting the time format to match the second timestamp; still nothing. I'm getting pretty frustrated.

0 Karma

alacercogitatus
SplunkTrust

I would avoid using any kind of tag notation within TIME_PREFIX. Have you tried just as below?

TIME_PREFIX= title="
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%N%Z
0 Karma
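
An offline way to check how the three settings in this thread interact on the sample event, added here as an example and not code from either poster or from Splunk. It is a simplified Python model (regex prefix, a character window counted from the end of the prefix match, then strptime); the `%N` to `%f` and `%Z` to `%z` mapping and all helper names are assumptions.

```python
import re
from datetime import datetime

# Constructed from the event in the question (first line only).
EVENT = '<abbr class="dt" title="2013-05-27T04:24:58.979Z">May 27, 2013, 4:24:58 AM'

def to_python_format(splunk_format):
    # Assumption: map the two directives Python spells differently.
    # %N (subseconds) -> %f, %Z -> %z (Python's %z accepts a literal "Z").
    return splunk_format.replace("%N", "%f").replace("%Z", "%z")

def extract(event, time_prefix, time_format, lookahead):
    """Return (stage, value) so a failure names the setting to look at."""
    match = re.search(time_prefix, event)
    if match is None:
        return ("prefix_no_match", None)
    # The lookahead is counted from the end of the TIME_PREFIX match.
    window = event[match.end():match.end() + lookahead]
    fmt = to_python_format(time_format)
    # The timestamp must start the window; text after it is ignored,
    # so try the longest leading slice first.
    for end in range(len(window), 0, -1):
        try:
            return ("ok", datetime.strptime(window[:end], fmt))
        except ValueError:
            continue
    return ("format_no_match", window)

def check_settings():
    # TIME_PREFIX and TIME_FORMAT from the reply; 19 is the question's lookahead.
    prefix = r'title="'
    fmt = "%Y-%m-%dT%H:%M:%S.%N%Z"
    return {
        "lookahead_19": extract(EVENT, prefix, fmt, 19),
        "lookahead_24": extract(EVENT, prefix, fmt, 24),
        "lookahead_128": extract(EVENT, prefix, fmt, 128),
    }

if __name__ == "__main__":
    for name, (stage, value) in check_settings().items():
        print(f"{name}: {stage} -> {value!r}")
```

In this model the reply's TIME_FORMAT spans 24 characters of the event, so it does not fit inside the question's MAX_TIMESTAMP_LOOKAHEAD of 19.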