I have a data that I'm manually ingesting the data...

aorkcreate · ‎08-07-2018

I have a data that I'm manually ingesting the data from Splunk WEB but I don't have time stamp in my log but I have field that has time but no time in it . so I need that has my time stamp with default 00:00:00:000 has time for me ,how ?

varad_joshi · ‎08-08-2018

You need to look into timestamp assignments. If there is no timestamp at all then you might as well take index time as timestamp. In which case _time field will be populated with index time values. Check more in the URL below.

http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/HowSplunkextractstimestamps

adonio · ‎08-07-2018

hello there,
can you please elaborate on your challenge?
what exactly are you trying to do?

I have a data that I'm manually ingesting the data from Splunk WEB but I don't have time stamp in my log but I have field that has time but no time in it . so I need that has my time stamp with default 00:00:00:000 has time for me ,how ?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Join the Conversation

I have a data that I'm manually ingesting the data from Splunk WEB but I don't have time stamp in my log but I have field that has time but no time in it . so I need that has my time stamp with default 00:00:00:000 has time for me ,how ?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!