Hi,
I have some log files with no timestamp, neither in the indexed data nor in the path or filename.
I don't want to use the current time.
Is there a way to use the date and time of the file as the timestamp?
Thanks
As you can see here: link
Splunk prefers the file's modification time (5.) over the current timestamp (6.). So this should happen automatically if Splunk cannot find another timestamp from (1.) to (4.).
Greetings
Tom
You're right, it's working.
Strangely, it is not working in the data preview from Add Data / upload while it's working in Add Data / monitor.