Solved: Unable to parse timestamp from xml tag

v2k007 · ‎11-15-2014

I am facing problem with timestamp from xml file entry.
Following is the sample tag from xml file

 <row Id="82949" UserId="3893" Name="Teacher" Date="2008-09-15T08:55:03.957" />

I have specified following timeformat and timeprefix to detect timestamp.

Timestamp format = %Y-%m-%d'T'%H:%M:%S.%3N
Timestamp prefix = \d{4}-\d{2}-\d{2}+T\d{2}:\d{2}:\d{2}.\d{3}

I am getting following error could not use strptime to parse timestamp from "" />"

I am new to Splunk, so help on this issue is really appreciated. Thanks in advance.

cpetterborg · ‎11-15-2014

The prefix is what comes BEFORE the timestamp:

Timestamp prefix = Date="

v2k007 · ‎11-16-2014

It worked 🙂 Thanks somesoni2 and cpetterborg

cpetterborg · ‎11-15-2014

The prefix is what comes BEFORE the timestamp:

Timestamp prefix = Date="

somesoni2 · ‎11-15-2014

First remove single quote from time fromat and dont use time prefix.

Unable to parse timestamp from xml tag