Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About skgbanga
skgbanga
New Member
Member since:
02-07-2018
06-05-2020
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 02-07-2018 |
Activity Feed
- Posted Re: Timestamp not being recognized in CSV on Getting Data In. 02-08-2018 06:57 AM
- Posted Re: Timestamp not being recognized in CSV on Getting Data In. 02-08-2018 05:51 AM
- Posted Re: Timestamp not being recognized in CSV on Getting Data In. 02-08-2018 05:40 AM
- Posted Re: Timestamp not being recognized in CSV on Getting Data In. 02-08-2018 05:34 AM
- Posted Re: Timestamp not being recognized in CSV on Getting Data In. 02-08-2018 05:29 AM
- Posted Timestamp not being recognized in CSV on Getting Data In. 02-07-2018 09:01 PM
- Tagged Timestamp not being recognized in CSV on Getting Data In. 02-07-2018 09:01 PM
- Tagged Timestamp not being recognized in CSV on Getting Data In. 02-07-2018 09:01 PM
- Tagged Timestamp not being recognized in CSV on Getting Data In. 02-07-2018 09:01 PM
- Tagged Timestamp not being recognized in CSV on Getting Data In. 02-07-2018 09:01 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
02-08-2018
06:57 AM
Hey,
So any new data that I am adding is being correctly interpreted now. (I tried two ways: .csv and .zip (consisting of a lot of csvs)
However changing the settings does NOT affect the previous data. Maybe I need to reindex the data or something (but I don't know how to do that)
... View more
02-08-2018
05:51 AM
Yes. How are you adding the data and changing the configuration? Maybe I can try to follow your exact steps and then report back?
... View more
02-08-2018
05:40 AM
Also note that I followed these instructions to uploaded the data:
http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchTutorial/GetthetutorialdataintoSplunk
... View more
02-08-2018
05:34 AM
Hey,
I have applied the configuration via splunk web interface. (Settings -> Source Types -> csv -> TimeStamp). Could you point me where I can change the configurations you specified.
I am on mac os. So I went to /Applications/Splunk/etc/system/local/props.conf and removed the DATETIME_CONFIG = , but that didn't change anything.
... View more
02-08-2018
05:29 AM
The name in my csv is trig.hwts , but splunks changes that to trig_hwts as the field name it recognized.
... View more
02-07-2018
09:01 PM
Searching for the other answer, I believe this is one of the most common questions, but I couldn't figure out my answer after reading all the others. So here it goes:
My CSV looks like this:
trig.hwts,delta
1517492760549648185,58445
And after setting the options via splunk web interface, here is what my props.conf looks like:
[csv]
DATETIME_CONFIG =
NO_BINARY_CHECK = true
TIMESTAMP_FIELDS = trig_hwts
disabled = false
TIME_FORMAT = %s%9N
TZ = America/Detroit
Note that I have specified TIMESTAMP_FIELDS as trig_hwts (_ instead of the . ) because that is how splunk recognized this field. (I have tried changing it to . as well, but that also didn't work)
The problem is splunk is not picking trig.hwts at all. It keeps showing the time when I uploaded my file to splunk, and not the time in the file. I have restarted my splunk after editing file.
Any help is appreciated.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
