Hello guys,
I am new here in splunk and in my first project I have to index logs from a remote server and I am doing this with db connect.
My problem is that when I index all the data from this server, the Time that is login into splunk is the Time when Splunk pull the data and I need to log these event by the time that they are generated.
I figured out that when you pull data by the first time with db connect, you can indicate the timestamp by a column of the data base, luckily these db have a time column called "clock", but unforntunlly this time format is in epoch, like so:
So my question is, what do I have to write over here?:
I tryed with %s without any results. Thank you c:
... View more