I'm completely new to Splunk. Started using it today; some things are intuitive, but I'm struggling with Timeline. I've loaded EventLogs from one of our Windows boxes. I've loaded them using "Data Input", "Files and Directory". It shows the event log data, but there are two fields in the EventLogs:
For some reason, Splunk is automatically picking up the Server Restart TimeStamp, but I wanted it to pick up the Event TimeStamp. How do I change this?
Sorry, I've searched before asking but couldn't find anything relevant.
However you set up your input, there should have been settings with these names. Go back to Data Inputs and find your input (or did you do a File Upload oneshot?) and edit it. You should be able to find these settings.
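As an added illustration that is not part of the original thread: the timestamp settings the answer points to in the Data Inputs UI are stored in Splunk's props.conf, so the same fix can be expressed there as a sourcetype stanza. The sourcetype name, the field labels `Restart Time:` / `Event Time:` and the date layout below are assumed placeholders, since the thread does not show the actual field names.

```ini
# Added example, not from the thread. Sourcetype name, field labels and
# date layout are assumptions; adjust them to the real export format.
# Assumed (constructed) event shape, with the restart stamp first:
#   Restart Time: 2013-03-04 08:15:22  Event Time: 2013-03-01 17:42:03  EventCode=4624 ...
[win_eventlog_export]
# Skip everything up to the label that precedes the event timestamp, so the
# earlier "Restart Time:" value is never considered as the event time
TIME_PREFIX = Event Time:\s*
# Layout of the assumed event timestamp ("YYYY-MM-DD HH:MM:SS")
TIME_FORMAT = %Y-%m-%d %H:%M:%S
# Only search this many characters after TIME_PREFIX for the timestamp,
# which keeps Splunk from wandering into later fields if the label is missing
MAX_TIMESTAMP_LOOKAHEAD = 19
```

Assign this sourcetype to the file or directory input, then re-index a sample file and check that `_time` in the search results matches the event timestamp rather than the restart timestamp.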