In have table having Field Source IP , Destination IP  I want to access them for drilldown i tried $row.Source IP$ and $row. Destination IP $ Note : i dont want to change table label to  Source_IP   ... View more

I am trying to extract the _time from the log Jul 28 12:00:49 104.128.100.1 420391: Jul 28 06:30:25.023: %Sample: Sample: cp :  QFP:0.0 but the Splunk is extracting the _time as 2022-07-28T12:00:49.000+05:30 I want it to extract the second time from log i.e Jul 28 06:30:25.023 i tried the approach  In props.conf file added [sourcetype] TIME_PREFIX = ^\S{3}\s\d{1,2}\s[^\s]+\s[^\s]+\s[^\s]+\s TIME_FORMAT = %b %d %H:%M:%S.%3Q MAX_TIMESTAMP_LOOKAHEAD = 30 TZ = UTC but not able to extract can someone pls help ... View more