Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What are best practices when the timestamp is an integer?

splunker-0625
Splunk Employee
Splunk Employee
‎01-11-2023 06:49 PM

Hi experts,

 

have .CSV file that timestamp is quite a simple integer and its incremental like 1,2,3,,,, 

I want to know how to convert the time column(1,2,3,4,,,,) to any time format that would begin from Jan 1st, 2023 for example.

Does anyone have a great idea for it in props.conf?

Time AAA BBB CCC DDD
1 1073 29.9360008 121.446498 75
2 1074 29.9360008 121.600296 75
3 1078 29.9360008 122.417319 75
Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

PickleRick
Ultra Champion
‎01-11-2023 09:16 PM

What would that number mean?

Either use appropriate format like just %d to let splunk assume rest of the fields by default (I'm not too sure though that it will work good across month's end; I think you could be ingesting events with the wrong month) or ingest this field raw and then use INGEST_EVAL to calculate a resulting date.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

PickleRick
Ultra Champion
‎01-11-2023 09:16 PM

What would that number mean?

Either use appropriate format like just %d to let splunk assume rest of the fields by default (I'm not too sure though that it will work good across month's end; I think you could be ingesting events with the wrong month) or ingest this field raw and then use INGEST_EVAL to calculate a resulting date.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...