×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
adrianduff
New Member
Member since: ‎11-10-2016
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-10-2016
Activity Feed
Topics I've Started
View All

Pull Date from Filename

by in Splunk Search
‎11-10-2016 11:10 PM
‎11-10-2016 11:10 PM
So I have some logs that are in the following format: Filename: 16061601rw.dat Each line has a time stamp, but it doesn't include the date. I've checked a ton of answers about getting date from the filename but i cant get it to work properly. When it is being ingested into splunk it looks like this: It is probably worth mentioning that where it starts stamping them as 15/06/2016, it has defaulted back to the last logs date. Here is my attempted edit of the datetime.xml: <text><![CDATA[source::.*?((\d{2})(\d{2})(\d{2}))*.dat]]></text> and I have a custom data type in props.conf that I am trying to use to get it to correctly date the entries: [custom_type] DATETIME_CONFIG = /Applications/Splunk/etc/datetime.xml SHOULD_LINEMERGE = FALSE Can anyone help with this? I think it is most likely an issue with the regex but I'm not sure ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM