Getting Data In

Need help to get Timestamp correctly,please

dovelsh12223621
Path Finder

I have data in the following:
host=ICSPSD instId=0001 ptime=2015-05-06 14:41:46,323 modName=icsfront logType=app ip=199.0.45.171 msg=[004127][0506 144145:629][ Dumpmsg.c][00133]->Dumpmsg begin
host=ICSPSD instId=0001 ptime=2015-05-06 14:41:46,323 modName=icsfront logType=app ip=199.0.45.171 msg=[004127][0506 144145:629][ Dumpmsg.c][00182]->DbsDumpmsg delete succ
host=ICSPSD instId=0001 ptime=2015-05-06 14:41:46,323 modName=icsfront logType=app ip=199.0.45.171 msg=[004127][0506 144145:629][ Dumpmsg.c][00282]->Dumpmsg end
host=ICSPSD instId=0001 ptime=2015-05-06 14:43:46,083 modName=icsfront logType=app ip=199.0.45.171 msg=[004127][0506 144345:643][ Dumpmsg.c][00133]->Dumpmsg begin

Timestamp like this "[0506 144145:629]" ,however I cannot get it.
The way I try like this:

TIME_FORMAT= %m%d %H%M%S:%3N
TIME_PREFIX= msg=[\d+][ (pay attention "backslash" cannot show in the question,but I have done it)
MAX_TIMESTAMP_LOOKAHEAD=15
So what cant I do ? I need help to get Splunk to get time correctly.Thanks.

Tags (1)
0 Karma

stephanefotso
Motivator

Hello! Take a look at your TIME_FORMAT= %m%d %H%M%S:%3N and your data (0506 144145:629). I think in your TIME_FORMAT you did not well specify which values you need as the month, day, ........

Thanks

SGF
0 Karma

dovelsh12223621
Path Finder

Thanks,everyone.I have solved the problem by myself.The TIME_FORMAT= %m%d %H%M%S:%3N ,and my date (0506 144145:629) just mean "May 6th 14h:41min:45s,629" .
That's right, no problem.My mistake, which miss [sourcetype_name] in props.conf.So,the configuration has no effect.I am so sorry.Please,don't make the same mistakes.

0 Karma

dovelsh12223621
Path Finder

Yeah,I think the TIME_FORMAT could be wrong.But, I really donot know what is the matter and I have no way to get it correctly,please give me some advice,thanks.

0 Karma

stephanefotso
Motivator

Ok. In (0506 144145:629), let me know which digits represent the year, the month, the day, the hour and the seconds

SGF
0 Karma
Get Updates on the Splunk Community!

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...