I read in some old posts, that it is not possible to use the timestamp of a filename, but I wonder, if it is possible meanwhile.
My problem: My filename is something like xxx_20181127_175823.bin.gz my events inside of this log file are based on this "starting point".
Tim=0000023 event xyz
Tim=0000987 event abc
The actual timestamp will be 20181127_175823 + 23 ms or 20181127_175823 + 987 ms, where we have year + month + day + _ + time.
Is it possible to do this with Splunk or do I have to do some workaround?
... View more