Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Parsing time_format with random words between date and time

bobmacks
Explorer
‎02-24-2019 09:43 PM

Hi,

I'm attempting to extract data and time from a custom text file where date and time are split across two lines and contains two different combination of words in between them. A sample data I'm trying to ingest looks like...

PAGE 1    20-02-2019
ABC       08.03.45
data....

PAGE 2    20-02-2019
DEF       08.50.12
data....

The TIME_PREFIX is pretty straightforward but I'm stuck with how to define TIME_FORMAT to handle the inconsistent characters (i.e. ABC vs DEF) between the date and time fields. 

 TIME_PREFIX=^DATE\s{1}\d{1}\s{4}
 TIME_FORMAT=%d-%m-%Y%n???       %H.%M.%S
Tags (1)
Reply

integratorz
Path Finder
‎02-28-2019 11:48 AM

@bobmacks for TIME_PREFIX, I don't see where the string DATE exists in your sample data. Is this the case?

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...