Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Parsing time_format with random words between date and time

bobmacks
Explorer
‎02-24-2019 09:43 PM

Hi,

I'm attempting to extract data and time from a custom text file where date and time are split across two lines and contains two different combination of words in between them. A sample data I'm trying to ingest looks like...

PAGE 1    20-02-2019
ABC       08.03.45
data....

PAGE 2    20-02-2019
DEF       08.50.12
data....

The TIME_PREFIX is pretty straightforward but I'm stuck with how to define TIME_FORMAT to handle the inconsistent characters (i.e. ABC vs DEF) between the date and time fields. 

 TIME_PREFIX=^DATE\s{1}\d{1}\s{4}
 TIME_FORMAT=%d-%m-%Y%n???       %H.%M.%S
Tags (1)
Reply

integratorz
Path Finder
‎02-28-2019 11:48 AM

@bobmacks for TIME_PREFIX, I don't see where the string DATE exists in your sample data. Is this the case?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...