Hi Splunkers,
I have structured data in a .csv that contains the following fields:
2014/10/01-07:16:31,0.121,1.1,S,0.0,0,1,1,1,0,0,1,0,1,S
2014/10/01-07:16:31 - it's my timestamp.
I tried to add the data to Splunk, but I can't get the timestamp recognised with my regex:
My regex is:
\d{4}\/\d{2}\/\d{2}\-\d{2}\:\d{2}\:\d{2}
I verified it on http://www.regexr.com/.
This is my props.conf:
TIME_PREFIX = \d{4}\/\d{2}\/\d{2}\-\d{2}\:\d{2}\:\d{2}
FIELD_DELIMITER = ,
FIELD_QUOTE = '
INDEXED_EXTRACTIONS = csv
KV_MODE = none
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = false
category = Structured
disabled = false
pulldown_type = true
How can I edit my configuration to recognize the timestamp?
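
Added example, not part of the original post and not Splunk's own code: a simplified Python model of the documented TIME_PREFIX behaviour, where the timestamp is looked for only in the text that follows the prefix match. The `^` prefix, the TIME_FORMAT string and the 19-character lookahead are assumptions chosen to fit the sample line in the post.

```python
import re
from datetime import datetime

# Sample event and TIME_PREFIX value copied from the post.
EVENT = "2014/10/01-07:16:31,0.121,1.1,S,0.0,0,1,1,1,0,0,1,0,1,S"
POSTED_PREFIX = r"\d{4}\/\d{2}\/\d{2}\-\d{2}\:\d{2}\:\d{2}"

# Assumed values (not from the post): anchor at line start, explicit format,
# and a lookahead equal to the timestamp length (as MAX_TIMESTAMP_LOOKAHEAD would be).
ANCHOR_PREFIX = r"^"
TIME_FORMAT = "%Y/%m/%d-%H:%M:%S"
LOOKAHEAD = 19


def text_after_prefix(event, time_prefix):
    """Return the text left for timestamp parsing once the prefix has matched."""
    m = re.search(time_prefix, event)
    return None if m is None else event[m.end():]


def extract_timestamp(event, time_prefix, time_format=TIME_FORMAT, lookahead=LOOKAHEAD):
    """Model: match the prefix, then parse only what follows it."""
    rest = text_after_prefix(event, time_prefix)
    if rest is None:
        return None  # prefix never matched, nothing to parse
    try:
        return datetime.strptime(rest[:lookahead], time_format)
    except ValueError:
        return None  # text after the prefix is not a timestamp


if __name__ == "__main__":
    for label, prefix in (("posted", POSTED_PREFIX), ("anchored", ANCHOR_PREFIX)):
        print(label, "| remaining:", repr(text_after_prefix(EVENT, prefix)[:25]),
              "| parsed:", extract_timestamp(EVENT, prefix))
```

With the posted value the prefix match consumes the timestamp itself, so parsing starts at the first comma; with the anchored prefix parsing starts at the timestamp.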