×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
skericsson
New Member
Member since: ‎08-12-2011
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-12-2011
View All

Re: How to recognize event time that is embedded i...

by in Getting Data In
‎08-13-2011 06:19 AM
‎08-13-2011 06:19 AM
Thanks. Still having trouble. So is etc/apps/search/input.conf necessary. I added following lines to that file. [monitor:///home/test/data/session_data.out] sourcetype = sds3 ... View more

How to recognize event time that is embedded in js...

by in Getting Data In
‎08-12-2011 11:38 AM
‎08-12-2011 11:38 AM
I'm using "From files and directories" --> "Upload and index a file" to feed the data file. The file has data in following format. { "_id": { "$oid": "4b97ca22729772ec85d48fc0"}, "subscriberId": "C10000235", "createTime": 1268238882453, "serviceGroup": "SGID0001", "sessionProtocolIndicator": null, "networkProxyId": "PROXY_001" } Search shows the following basic information: host=srinidev sourcetype=sds3 source=sds3.out How can I get splunk (using 4.2.3) to recognize 1268238882453 as the date and use it as event time? I added a $SPLUNK_HOME/etc/local/props.conf file with these lines: [sds3] TIME_PREFIX = createTime TIME_FORMAT = %s I also added $SPLUNK_HOME/etc/apps/search/input.conf, but with not much success. Any help is greatly appreciated. Thanks. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM