Getting Data In

Timestamp parsing from filename

jackin
Path Finder

Hi

I want to write the props for below logs.

Actually the logs are coming with no timestamp and the file name having the timestamp. 

These are the logs:

Message Is: https POST failed: . Status Is: Ok

Message Is: https POST successful: 200. Status Is: Ok

Changed .Pac File to http://liteway.prog2.com/proxyins/proxy_client.oac

Unable to change .Pac File to http://liteway.prog2.com/proxyins/proxy_client.oac

File name coming like 

zscalerhttp_2023-01-09-18-03-25

Can anyone help to write the props for this logs.. 

 

Labels (2)
0 Karma

jackin
Path Finder

Yes @PickleRick 

0 Karma

PickleRick
SplunkTrust
SplunkTrust

OK. There is no setting that would allow you to extract timestamp from filename or path directly. The only way I see is to use a INGEST_EVAL functionality. See https://conf.splunk.com/files/2020/slides/PLA1154C.pdf (slide 28 onwards)

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Let me get this straight - you have a separate file per each event?

0 Karma

jackin
Path Finder

Yes @PickleRick 

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...