Solved: Splunk SDK: Is there a way to set the time of an e...

ConnorG · ‎09-03-2014

I'm currently in the process of sending data to the Splunk server through the C# SDK.

The time for every event sent to the server is based on when the server received the event, and not my own timestamp that is attached to the event in a field.

Here's an example of what I'm doing:

        Receiver splunkReceiver = new Receiver(service);

        var args = new Args();
        args.Add("host", "win-5ja2nu0k88c");
        args.Add("source", "dynaTrace");
        args.Add("sourcetype", "Monitoring");

        splunkReceiver.Submit("main", args, "EventType=4 Keywords=Classic, RecordNumber=number, timestamp = 9/04/13");

Is there a way to set set the time of the event created from this Submit? I would want it to be equal to my timestamp field. Perhaps through a specific arg?

Damien_Dallimor · ‎09-03-2014

I tried reformatting your message a bit and it works :

Thu Sep 04 2013 12:47:31 EventType=4 Keywords=Classic RecordNumber=number

Alternatively , you could declare timestamp extraction rules in props.conf for your sourcetype "Monitoring"

View solution in original post

Damien_Dallimor · ‎09-03-2014

I tried reformatting your message a bit and it works :

Thu Sep 04 2013 12:47:31 EventType=4 Keywords=Classic RecordNumber=number

Alternatively , you could declare timestamp extraction rules in props.conf for your sourcetype "Monitoring"

Damien_Dallimor · ‎09-04-2014

Please "accept" the answer. Thanks.

ConnorG · ‎09-04-2014

That worked wonderfully. Thanks much for the assistance sir.

Splunk SDK: Is there a way to set the time of an event created from Submit?

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability