Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to extract the timestamp from an HTML file?

tfitzgerald_col
Engager
‎12-18-2014 06:34 AM

Howdy. I'm trying to index an HTML file, and I can not, for the life of me, get the timestamp to extract when using the preview. Here's the event:

<abbr class="dt" title="2013-05-27T04:24:58.979Z">May 27, 2013, 4:24:58 AM
GMT</abbr>:
<cite class="sender vcard"><a class="tel" href="tel:+*******"><span class="fn">+**********</span></a></cite>:
<q>Yeah, I'll be there</q></div>

And here's what I'm using for settings.

TIME_FORMAT = %Y-%m-%dT%H:%M:%S
TIME_PREFIX = <abbr class="\w+" title="
MAX_TIMESTAMP_LOOKAHEAD = 19

It's just not finding the timestamp at all. Any idea why? I've tried a few other iterations, even going so far as to make the prefix <.*>, and setting the time format to match the second timestamp; still nothing. I'm getting pretty frustrated.

0 Karma
Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎12-22-2014 08:16 PM

I would avoid using any kind of tag notation within TIME_PREFIX. Have you tried just as below? 

TIME_PREFIX= title="
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%N%Z
0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...