Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

setting the time format for timezone offset in props

kteng2024
Path Finder
‎02-20-2017 11:33 AM

hi,

I would like extract the timezone offset in time format in props.
example time format , 2017-02-05T01:20:10.049-0500: 0.855:

TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3N-%Z

But the above timeformat which i defined is not working. I want my timestamp in splunk to have upto 2017-02-05T01:20:10.049-0500 ignoring 0.855

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bshuler_splunk
Splunk Employee
Splunk Employee
‎02-20-2017 11:36 AM

%Y-%m-%dT%H:%M:%S.%3N%Z

View solution in original post

Reply
Solved! Jump to solution
Solution

bshuler_splunk
Splunk Employee
Splunk Employee
‎02-20-2017 11:36 AM

%Y-%m-%dT%H:%M:%S.%3N%Z

Reply
Solved! Jump to solution

kteng2024
Path Finder
‎02-20-2017 12:29 PM

thank you for reply but it is not working.

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎02-20-2017 01:15 PM

This needs to be deployed to your indexers and splunkd restarted there and even then only events that are indexed post-restart will show the effects of the new configurations.

Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎02-27-2017 07:00 AM

I see that this is accepted; so is it working now?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...