@twinspop thanks for your fast reply. I am new to splunk so, I am really sorry for my silly questions.
From the above reply I understand I need to define the time format, time zone and the date/time field which i required to index as _time by writing the regex in the props......which means i need to hard code that particular time-date filed in props.
I am pasting the sample log file here as a code, sorry i do not have enough karma points to attach anything. i sincerely appreciate if you can help with regex,
I have a question, which TZ i should mention because the data (tickets generated) which i am having is from US and Europe and I am preparing the dashboard/reports in Asia, should i mention my timezone here?
----------Headings----------
Number,Severity,Customer Identification,Open on behalf of,Affected Location,Affected Organization,Created,Assigned at,Resolved,Closed,Short description,Category,Subcategory,Subsubcategory,Resolver group,Resolved by,Solution Category,Solution SubCategory,Resolution notes,Contact source,Reopen count,Actual elapsed time,Pause duration,Has breached
-------demo tickets data--------
EDC136876,4 - Low,Andrew (GG TT LS),,CSL L,GG TT LS,2017-02-16 13:13:48,2017-02-17 00:47:17,2017-02-17 13:12:05,2017-02-24 14:01:34,Need to install Application on new laptop,Application,Software,Client Topics,EDC_Application_L1Support,Bogdan Peter (CT DD DS EU RO SERV 8),,,"Hello Colleagues,Issue has been resolved, we will close this ticket. Peter",Portal,0,894,651555,FALSE
... View more