I have a CSV file with the data below, which I am trying to push to Splunk.

Example:

Thu JUN 24 15:27:52 +08 2021,name1,address1,Thu JUN25 12:27:52 +08 2021,Active
Thu JUN 24 15:27:52 +08 2021,name2,address2,Thu JUN 25 03:65:52 +08 2021,Active
Thu JUN 24 15:27:52 +08 2021,name3,address3,Thu JUN 25 05:15:52 +08 2021,Active
Thu JUN 24 15:27:52 +08 2021,name4,address4,Thu MAY26 06:25:52 +08 2021,Active
Thu JUN 24 15:27:52 +08 2021,name5,address5,Thu MAY26 06:15:52 +08 2021,Active
Thu JUN 24 15:27:52 +08 2021,name6,address6,Thu JAN14 07:15:52 +08 2021,Active

Props settings, using the fourth field as the timestamp:

SHOULD_LINEMERGE= FALSE
FIELD_DELIMETER=,
HEADER_FIELD_DELIMETER=,
FIELD_NAMES=Time,names,address,creationtime,status
TIMESTAMP_FIELDS=creationtime
TZ=Asia/Singapore

By using the above props, I am able to push only the latest date's data; other events are missing in Splunk. For example, I can see only the JUN 25th data; the remaining events are missing. Can someone explain what might be the cause?