We want to collect NSi autostore logs in Splunk. Unfortunately Splunk is not able to parse the logs by default.
Log example:
5/28/2015^13:3:5:6^r_source_700 1^STATUS MESSAGE^Object ID: 125478
5/28/2015^13:3:5:6^r_source_700 1^STATUS MESSAGE^E-Mail:
5/28/2015^13:3:5:23^r_source_700 1^STATUS MESSAGE^SAP XYZ: Entering Component.
5/28/2015^13:3:5:25^r_source_700 1^STATUS MESSAGE^SAP XYZ: 1 documents to Route.
The Datetime contains no leading zeros or spaces. The format is:
day/month/year^hour:minute:second:millisecond
We tried to parse the Time with: TIME_FORMAT=%-m/%-d/%Y^%-H:%-M:%-S:%-N but it did not worked.
Does someone knows a possibility to parse that kind of Timestamp?
Thank you in advance
Lars
... View more