Getting Data In

Props.conf: How to detect time and break events?

power12
Explorer

I have the following sample data in a csv file.I am trying to import it but its  unable to break the line and detect the timestamp.

Sample events

"Jun30.22.21.55, LVVL@abc.LOCAL, InOctets, 557766140, OutOctets, 3462815293, Total MB used, 502.572679125"

"Jun30.22.21.55, ALU@abc.LOCAL, InOctets, 4238119433, OutOctets, 3683403330, Total MB used, 990.190345375"

"Jun30.22.21.55, RXGH@abc.LOCAL, InOctets, 233853544, OutOctets, 485536206, Total MB used, 89.92371875"

 

 

Labels (1)
Tags (1)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Assuming your timestamp is the first field, try setting your TIME_FORMAT to %b%d.%y.%H.%M

Having said that, what do dates with single digit days look like e.g. Jul01.22 or Jul 1.22 or Jul1.22? 

0 Karma

power12
Explorer

Jun30.22.21.55  ....here Jun30th is the date with year as present and 22.21.55 is the time ...with single date it will be Jun01

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

%b%d.%H.%M.%S

0 Karma

power12
Explorer

I tried using %b%d.%H.%M.%S in TIME_FORMAT but it did not recognize the time.I am attaching the screenshot of how it looks when uploaded through UI.

 

[ csv ]
CHARSET=UTF-8
INDEXED_EXTRACTIONS=csv
KV_MODE=none
SHOULD_LINEMERGE=false
category=Structured
description=Comma-separated value format. Set header and other settings in "Delimited Settings"
disabled=false
pulldown_type=true
TIME_FORMAT=%b%d.%H.%M.%S

 

power12_0-1657727853585.png

 

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Try including TIME_PREFIX = ^

0 Karma

power12
Explorer

I tried that no luck

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...