Setup
Need
What I'm trying to achieve is,
Issues I'm facing
The impact of this behavior is that, I cannot do historical pull as searches will not work with time picker. Search will not display the results because search will not find the data for historical duration say last two weeks, as all the historical data is indexes with pull time which is now.
How do I overcome this issue?
Hello Ronak,
I'm assuming you're using the DB Connect App, right? If that's the case, have a look on a similar question:
It's tailored for MS SQL Server but the idea of configuring the timestamp parsing format is the same for any DB.
Cheers
Here another similar answer: http://answers.splunk.com/answers/143775/timestamp-recognition-with-dbconnect-app.html#answer-143903