Hi Splunk Gurus, could someone help me resolve my issue with timestamp extraction? The issue is that when I want to create a sourcetype with a custom timestamp via advanced configuration, where I defined TIME_PREFIX as the regular expression ^(?:[^\}\n]*\}){4},\{"\w+":"(?P<timestamp_ex>[^"]+) then timestamp extraction is not working and I am getting the error "failed to parse timestamp. Defaulting to file modtime." I got the regular expression from Splunk field extraction. Why doesn't Splunk accept my regex, which was generated by Splunk itself and tested via regex101.com, where the expression is working?
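Added example, not part of the original post and not Splunk's own code: Splunk starts looking for a timestamp in the text that follows the end of the TIME_PREFIX match, so a field-extraction regex whose capture group consumes the timestamp leaves nothing to parse. The Python sketch below emulates that rule in simplified form; the sample event, `TIME_FORMAT`, `LOOKAHEAD` and the function names are constructed assumptions, since the post does not show the real data.

```python
import re
from datetime import datetime

# Constructed sample event (the post does not include the real log line).
EVENT = '[{"a":1},{"b":2},{"c":3},{"d":4},{"time":"2023-05-01T12:34:56","msg":"ok"}]'

# Regex from the post: the named group makes the match run THROUGH the timestamp.
FIELD_EXTRACTION_RE = r'^(?:[^\}\n]*\}){4},\{"\w+":"(?P<timestamp_ex>[^"]+)'
# Same pattern, cut off right before the timestamp: a prefix-only TIME_PREFIX.
PREFIX_ONLY_RE = r'^(?:[^\}\n]*\}){4},\{"\w+":"'

TIME_FORMAT = "%Y-%m-%dT%H:%M:%S"  # assumed format of the constructed sample
LOOKAHEAD = 19                     # stands in for MAX_TIMESTAMP_LOOKAHEAD


def text_after_prefix(time_prefix, event):
    """Return the text following the first match of time_prefix, or None."""
    m = re.search(time_prefix, event)
    if m is None:
        return None
    return event[m.end():]


def extract_timestamp(time_prefix, event):
    """Simplified emulation: parse a timestamp only from the text after the prefix."""
    rest = text_after_prefix(time_prefix, event)
    if rest is None:
        return None
    try:
        return datetime.strptime(rest[:LOOKAHEAD], TIME_FORMAT)
    except ValueError:
        # Corresponds to "failed to parse timestamp" in the post.
        return None


if __name__ == "__main__":
    for label, rx in (("field-extraction regex", FIELD_EXTRACTION_RE),
                      ("prefix-only regex", PREFIX_ONLY_RE)):
        print(label)
        print("  scan starts at:", repr(text_after_prefix(rx, EVENT)[:25]))
        print("  parsed        :", extract_timestamp(rx, EVENT))
```

In props.conf terms, the prefix-only pattern is what goes in TIME_PREFIX, with the timestamp layout described separately in TIME_FORMAT.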