Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Help extracting timestamp from a CSV File

spammenot66
Contributor
‎07-24-2020 04:02 PM

I'm trying to extract the "Flash Date" and use it a the time stamp  when I index my csv file. I'm getting random results. Any help would be greatly appreciated. In some cases the event would grab the "start time",in others it would match up to "End Time" 

Question

1) if the field name contains a space, do i need to encase it in double quotes when specifying TIMESTAMP_FIELDS ?

2) Can I use just a date with no time as seen in the values from "Flash date"?

 

My CSV file

Folder,Job Name,Flash Date,Job Status,Start Time,End Time
S1,J1,"July 19, 2020",Ended OK,"July 19, 2020 3:00:121 PM","July 19, 2020 3:00:23" PM
S1,J2,"July 1, 2020",Failed,"July 2, 2020 3:00:21 PM","July 9, 2020 5:00:00 PM"
S1,J3,"July 4, 2020",Failed,"",""
S1,J3,"July 4, 2020",Ended OK,"July 4, 2020 12:00:00 PM",""

 

 

 

 

[my_csv]
CHARSET = UTF-8
INDEXED_EXTRACTIONS = csv
DATETIME_CONFIG =
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = false
TIMESTAMP_FIELDS = Flash Date
TIME_FORMAT = %B %d, %Y

 

 

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎07-24-2020 04:40 PM

[ my_csv ]
SHOULD_LINEMERGE=false
LINE_BREAKER=([\r\n]+)
NO_BINARY_CHECK=true
INDEXED_EXTRACTIONS=csv
TIME_FORMAT=%B %d, %Y
TIMESTAMP_FIELDS="Flash Date"
CHARSET=UTF-8

A1) yes.
A2) yes.

View solution in original post

Reply
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎07-24-2020 04:40 PM

[ my_csv ]
SHOULD_LINEMERGE=false
LINE_BREAKER=([\r\n]+)
NO_BINARY_CHECK=true
INDEXED_EXTRACTIONS=csv
TIME_FORMAT=%B %d, %Y
TIMESTAMP_FIELDS="Flash Date"
CHARSET=UTF-8

A1) yes.
A2) yes.

Reply
Solved! Jump to solution

spammenot66
Contributor
‎07-25-2020 10:48 AM

thanks @to4kawa  for the quick response.  I'm trying it out now. 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...