Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Timestamp parsing from filename

jackin
Path Finder
‎03-13-2023 10:03 AM

Hi

I want to write the props for below logs.

Actually the logs are coming with no timestamp and the file name having the timestamp. 

These are the logs:

Message Is: https POST failed: . Status Is: Ok

Message Is: https POST successful: 200. Status Is: Ok

Changed .Pac File to http://liteway.prog2.com/proxyins/proxy_client.oac

Unable to change .Pac File to http://liteway.prog2.com/proxyins/proxy_client.oac

File name coming like 

zscalerhttp_2023-01-09-18-03-25

Can anyone help to write the props for this logs.. 

 

Labels (2)
Labels
0 Karma
Reply

jackin
Path Finder
‎03-13-2023 11:13 AM

Yes @PickleRick 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎03-13-2023 01:41 PM

OK. There is no setting that would allow you to extract timestamp from filename or path directly. The only way I see is to use a INGEST_EVAL functionality. See https://conf.splunk.com/files/2020/slides/PLA1154C.pdf (slide 28 onwards)

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎03-13-2023 11:05 AM

Let me get this straight - you have a separate file per each event?

0 Karma
Reply

jackin
Path Finder
‎03-13-2023 08:24 PM

Yes @PickleRick 

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...