Solved: Help extracting timestamp from a CSV File

spammenot66 · ‎07-24-2020

I'm trying to extract the "Flash Date" and use it a the time stamp when I index my csv file. I'm getting random results. Any help would be greatly appreciated. In some cases the event would grab the "start time",in others it would match up to "End Time"

Question

1) if the field name contains a space, do i need to encase it in double quotes when specifying TIMESTAMP_FIELDS ?

2) Can I use just a date with no time as seen in the values from "Flash date"?

My CSV file

Folder,Job Name,Flash Date,Job Status,Start Time,End Time
S1,J1,"July 19, 2020",Ended OK,"July 19, 2020 3:00:121 PM","July 19, 2020 3:00:23" PM
S1,J2,"July 1, 2020",Failed,"July 2, 2020 3:00:21 PM","July 9, 2020 5:00:00 PM"
S1,J3,"July 4, 2020",Failed,"",""
S1,J3,"July 4, 2020",Ended OK,"July 4, 2020 12:00:00 PM",""

[my_csv]
CHARSET = UTF-8
INDEXED_EXTRACTIONS = csv
DATETIME_CONFIG =
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = false
TIMESTAMP_FIELDS = Flash Date
TIME_FORMAT = %B %d, %Y

to4kawa · ‎07-24-2020

[ my_csv ]
SHOULD_LINEMERGE=false
LINE_BREAKER=([\r\n]+)
NO_BINARY_CHECK=true
INDEXED_EXTRACTIONS=csv
TIME_FORMAT=%B %d, %Y
TIMESTAMP_FIELDS="Flash Date"
CHARSET=UTF-8

A1) yes.
A2) yes.

View solution in original post

to4kawa · ‎07-24-2020

[ my_csv ]
SHOULD_LINEMERGE=false
LINE_BREAKER=([\r\n]+)
NO_BINARY_CHECK=true
INDEXED_EXTRACTIONS=csv
TIME_FORMAT=%B %d, %Y
TIMESTAMP_FIELDS="Flash Date"
CHARSET=UTF-8

A1) yes.
A2) yes.

spammenot66 · ‎07-25-2020

thanks @to4kawa for the quick response. I'm trying it out now.

Help extracting timestamp from a CSV File

configuration

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!