Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Timestamp parsing -- how to pass time parsing for below events with different time formats from same source and few even

rupasri
Observer
‎04-02-2024 02:07 AM

how Timeparsing.PNG

Labels (1)
Labels
Tags (1)
0 Karma
Reply

rupasri
Observer
‎04-02-2024 03:43 AM
4/2/24
5:57:10.000 AM
 
02-APR-2024 05:57:10 * (CONNECT_DATA=(SID=cpdb11)(CID=(PROGRAM=perl)(HOST=a5071ue1plora04)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.18.76.29)(PORT=53100)) * establish * cpdb11 * 0
 
 4/2/24
5:57:10.000 AM
 
2024-04-02T05:57:10.270270-04:00
 
 4/2/24
5:57:09.000 AM
 
02-APR-2024 05:57:09 * service_update * cpdb11 * 0
 
 4/2/24
5:57:09.000 AM
 
02-APR-2024 05:57:09 * service_update * cpdb11 * 0
 
 4/2/24
5:57:08.000 AM
 
TNS-12505: TNS:listener does not currently know of SID given in connect descriptor
 
 4/2/24
5:57:08.000 AM
 
02-APR-2024 05:57:08 * (CONNECT_DATA=(SID=pdb09)(CID=(PROGRAM=perl)(HOST=a5071ue1plora04)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.18.76.29)(PORT=53098)) * establish * pdb09 * 12505
 
 4/2/24
5:57:08.000 AM
 
TNS-12505: TNS:listener does not currently know of SID given in connect descriptor
 
 4/2/24
5:57:08.000 AM
 
02-APR-2024 05:57:08 * (CONNECT_DATA=(SID=pdb09)(CID=(PROGRAM=perl)(HOST=a5071ue1plora04)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.18.76.29)(PORT=53096)) * establish * pdb09 * 12505
 
 4/2/24
5:57:08.000 AM
 
2024-04-02T05:57:08.619205-04:00
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-02-2024 03:38 AM

Please share your sample event in a code block </> not an image of them?

Also, what settings do you currently have?

I am assuming you are looking to do this at ingest time rather than search time, please clarify?

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...