Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

custom timestamp parsing

nikmeiser
Explorer
‎02-02-2012 06:01 PM

I have structured (CSV) files with named fields with a few different date-time formats - 

TIMEA,host,TIMET,DURATION,HOUR,SHIFT
01/30/2012   0:00:00,host01,1327899600,3600,0,2

TIMET (third comma-separaetd value from left) is the UNIX time. How can I force Splunk to use that as timestamp for the event?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nikmeiser
Explorer
‎02-02-2012 07:00 PM

Figured it out

TIME_FORMAT = %+ 
TIME_PREFIX = ^([^,]*,){2}

View solution in original post

Reply
Solved! Jump to solution
Solution

nikmeiser
Explorer
‎02-02-2012 07:00 PM

Figured it out

TIME_FORMAT = %+ 
TIME_PREFIX = ^([^,]*,){2}
Reply
Get Updates on the Splunk Community!

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...