Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to index an XML file with unix time format

almotasim90
New Member
‎04-15-2020 08:52 AM

I have XML files in my PC that I want to index them in Splunk, I need the inputs and the props.conf changed. I did everything but I am stock into line breaking events.
I have it in unix time format which is something like: 

<Date_range>
<begin>1586965192</begin>
<end>1586965199</end>
</Date_range>

How to specify the time format !!?
and, I have no idea how to specify time format in my props.conf or transform.conf. if u have anything might help, please!!

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎04-15-2020 09:59 AM

Try these props

[myxml]
TIME_FORMAT = %s
TIME_PREFIX = \<begin>
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...