Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
25 results
Sorted by:
04-14-2017
03:07 PM
...time" contains my own "date" field. I found the article http://docs.splunk.com/Documentation/Splunk/6.5.3/Data/ConfigurePositionalTimestampExtraction
but I have a problem to bring this to work.
My e...
- Tags:
- splunk-light
09-06-2016
12:50 PM
...ailed" | head 5 | eval Timestamp=strftime(_time,"%m-%d-%y %I:%M %p")| table user name Timestamp | rename user as "User", name as "Reason"
Which works wonderfully. It displays the first 5 users, reasons f...
04-21-2016
11:08 AM
One of the new features in Splunk 6.0+ is the capability of a forwarder assigning a timezone to an event in the situation where the timestamp can't be parsed from the raw event, and there isn't any p...
10-30-2019
12:36 AM
...egex processing, and quit at the "T" separator. Knowing my data, this is a safe match.
Automatic timestamp extraction
From the Splunk docs topic "How timestamp assignment works"
Most events do n...
07-12-2012
02:08 PM
6 Karma
...riggering on [host::IP ADDRESS], that works.
12-11-2014
08:17 AM
1 Karma
Some log events do not have timezone information in it so I need to set the timezone in the props.conf on the forwarder. This works fine however we have many universal forwarders in multiple t...
11-14-2013
12:20 PM
...vent
.
<-.
I don't know why splunk is not breaking the lines when it finds the timestamp instead of that it is combining few lines as if they are single event though they have d...
08-15-2016
10:31 AM
Good day.
I am trying to import a CSV into Splunk and specifying a Timestamp format and it appears Splunk is not calculating the day of year properly.
My data has a column called 'Start Time' w...
01-09-2015
10:26 AM
1 Karma
...plunk did not recognize the date field as date, instead it created a "_time" field and has added the timestamp value of the data entry . The visual data distribution shows all data in the same timestamp....
