Getting Data In

Splunk SDK: Is there a way to set the time of an event created from Submit?

ConnorG
Path Finder

I'm currently in the process of sending data to the Splunk server through the C# SDK.

The time for every event sent to the server is based on when the server received the event, and not my own timestamp that is attached to the event in a field.

Here's an example of what I'm doing:

        Receiver splunkReceiver = new Receiver(service);

        var args = new Args();
        args.Add("host", "win-5ja2nu0k88c");
        args.Add("source", "dynaTrace");
        args.Add("sourcetype", "Monitoring");

        splunkReceiver.Submit("main", args, "EventType=4 Keywords=Classic, RecordNumber=number, timestamp = 9/04/13");

Is there a way to set set the time of the event created from this Submit? I would want it to be equal to my timestamp field. Perhaps through a specific arg?

Tags (3)
1 Solution

Damien_Dallimor
Ultra Champion

I tried reformatting your message a bit and it works :

Thu Sep 04 2013 12:47:31 EventType=4 Keywords=Classic RecordNumber=number

Alternatively , you could declare timestamp extraction rules in props.conf for your sourcetype "Monitoring"

View solution in original post

Damien_Dallimor
Ultra Champion

I tried reformatting your message a bit and it works :

Thu Sep 04 2013 12:47:31 EventType=4 Keywords=Classic RecordNumber=number

Alternatively , you could declare timestamp extraction rules in props.conf for your sourcetype "Monitoring"

Damien_Dallimor
Ultra Champion

Please "accept" the answer. Thanks.

0 Karma

ConnorG
Path Finder

That worked wonderfully. Thanks much for the assistance sir.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...