Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

_time or time not being populated correctly from a CSV file

clintla
Contributor
‎08-25-2016 04:49 PM

Having issues getting time right.
My time is currently being populated by file creation time & not the 2nd column of the CSV file.

In troubleshooting, I've extracted time out a couple times.
DATE_ 2016-08-25 01:05:00 PM
extractDATE 2016-08-25 01:05:00 PM

but even though in props.conf, I've tried to assign either to the time value- it doesn't seem to have an effect after Splunk restart and addition of new files.

Props shows
TIMESTAMP_FIELDS = extractDATE

the time shows as
Time _time 2016-08-25T13:39:02.000-07:00

I've successfully assigned timestamp, but that doesn't show well in a timechart.
I've looked for other ways to assign @ search time such as an eval command to assign time, but that clobbers the time all together

Is there a manual way to assign time to a field in the GUI or at search time? hard to figure out what I'm doing wrong here.

Reply
1 Solution
Solved! Jump to solution
Solution

clintla
Contributor
‎08-25-2016 05:04 PM

I'm good.. used this command to re-assign that doesnt clobber the time

eval _time =strptime(timestamp,"%Y-%m-%d %H:%M:%S %P")

View solution in original post

Reply
Solved! Jump to solution
Solution

clintla
Contributor
‎08-25-2016 05:04 PM

I'm good.. used this command to re-assign that doesnt clobber the time

eval _time =strptime(timestamp,"%Y-%m-%d %H:%M:%S %P")

Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...