My data looks like this:
{ EC_reference="C0000001", Entity_name="Charter 88", Entity_type="Third Party", Regulated_donee_type="", Recd_by="", Reported_under_62:12="", Is_sponsorship="", Donor_name="Joseph Rowntree Reform Trust, The Garden House", Donor_type="Company", Company_reg_num=":357963", Postcode="YO30 6WQ", Type_of_donation="Cash", Nature_Provision="", Purpose="", How_dealt_with="", Value_GBP="50000", Received_date="23-03-2001 00:00:00", Accepted_date="23-03-2001 00:00:00", Reported_date="07-09-2001 00:00:00", Compliance_breach="None" }
In my props.conf I have:
# your settings
NO_BINARY_CHECK=1
SHOULD_LINEMERGE=false
TIME_FORMAT=%d-%m-%Y %H:%M:%S
TIME_PREFIX=Accepted_date=\"
However, Splunk cannot ID a timestamp. I'm not sure what I've done wrong here...