Solved: Splunk SDK: Is there a way to set the time of an e...

ConnorG · ‎09-03-2014

I'm currently in the process of sending data to the Splunk server through the C# SDK.

The time for every event sent to the server is based on when the server received the event, and not my own timestamp that is attached to the event in a field.

Here's an example of what I'm doing:

        Receiver splunkReceiver = new Receiver(service);

        var args = new Args();
        args.Add("host", "win-5ja2nu0k88c");
        args.Add("source", "dynaTrace");
        args.Add("sourcetype", "Monitoring");

        splunkReceiver.Submit("main", args, "EventType=4 Keywords=Classic, RecordNumber=number, timestamp = 9/04/13");

Is there a way to set set the time of the event created from this Submit? I would want it to be equal to my timestamp field. Perhaps through a specific arg?

Damien_Dallimor · ‎09-03-2014

I tried reformatting your message a bit and it works :

Thu Sep 04 2013 12:47:31 EventType=4 Keywords=Classic RecordNumber=number

Alternatively , you could declare timestamp extraction rules in props.conf for your sourcetype "Monitoring"

View solution in original post

Damien_Dallimor · ‎09-03-2014

I tried reformatting your message a bit and it works :

Thu Sep 04 2013 12:47:31 EventType=4 Keywords=Classic RecordNumber=number

Alternatively , you could declare timestamp extraction rules in props.conf for your sourcetype "Monitoring"

Damien_Dallimor · ‎09-04-2014

Please "accept" the answer. Thanks.

ConnorG · ‎09-04-2014

That worked wonderfully. Thanks much for the assistance sir.

Splunk SDK: Is there a way to set the time of an event created from Submit?

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 2)

Index This | I am a number but I am countless. What am I?

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience