...time" contains my own "date" field. I found the article http://docs.splunk.com/Documentation/Splunk/6.5.3/Data/ConfigurePositionalTimestampExtraction
but I have a problem getting this to work.
My e...
One of the new features in Splunk 6.0+ is the capability of a forwarder assigning a timezone to an event in the situation where the timestamp can't be parsed from the raw event, and there isn't any p...
...ailed" | head 5 | eval Timestamp=strftime(_time,"%m-%d-%y %I:%M %p")| table user name Timestamp | rename user as "User", name as "Reason"
Which works wonderfully. It displays the first 5 users, reasons f...
...egex processing, and quit at the "T" separator. Knowing my data, this is a safe match.
Automatic timestamp extraction
From the Splunk docs topic "How timestamp assignment works"
Most events do n...
...vent, however I can't figure out how to ingest the data in a way that doesn't assign it all to exist either in 2018 or 2017.
After reading on how timestamp assignment works and how Splunk d...
...vent
.
<-.
I don't know why Splunk is not breaking the lines when it finds the timestamp; instead, it is combining a few lines as if they were a single event, though they have d...
Good day.
I am trying to import a CSV into Splunk and specifying a Timestamp format and it appears Splunk is not calculating the day of year properly.
My data has a column called 'Start Time' w...
I have used the SEDCMD to take out an excess time that was added to the beginning of my logs so that the timestamp would use the second time (now the only time) showing in the event. The timestamphow...
I've heard that using Splunk's default source type detection is flexible, but can be hard on performance. What is the best way to define source types that keeps performance speedy?