Solved: Timestamp extraction from log

linu1988 · ‎06-19-2013

Hello,
I am trying to extract time stamp from log file which will help me to use log TimeStamp instead of splunk time stamp.

I have tried to match the time using regex in props.conf but the regex is not at all showing the date. I have tried everything but Splunk doesn't recognize the log date. Please guide me as am not an regex expert.

TIME_PREFIX=^\d{4}:\d{1,2}:\d{1,2}-\d{1,2}:\d{1,2}

sample log:

2013:6:18-11:18 -- IP:: 10.121.230.155 REQUEST URI:: www...

linu1988 · ‎06-20-2013

Hello,
below gave me the solution 🙂

DATE_TIMECONFIG=NONE
NO_BINARY_CHECK=1
TIME_FORMAT=%y:%m:%d-%H:%M

View solution in original post

linu1988 · ‎06-20-2013

Hello,
below gave me the solution 🙂

DATE_TIMECONFIG=NONE
NO_BINARY_CHECK=1
TIME_FORMAT=%y:%m:%d-%H:%M

thambisetty_bal · ‎06-30-2016

DATE_TIMECONFIG=NONE this is wrong there is no attribute like that find correct one below
DATETIME_CONFIG=NONE

cschmidt0121 · ‎06-19-2013

I'm pretty sure you should be editing TIME_FORMAT, not TIME_PREFIX. Not only that, you aren't specifying which fields are year, month, etc.

Timestamp extraction from log

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk