Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to get Splunk to recognize the date for data in a CSV file, not the creation time of the data entry?

sushmitha_mj
Communicator
‎01-09-2015 10:26 AM

Hi, I am new to splunk and hence, just to experiment with the tool I added some bank statement data into splunk in the form of csv file. The date field in the file is in the format " mm/dd/yy". Splunk did not recognize the date field as date, instead it created a "_time" field and has added the timestamp value of the data entry . The visual data distribution shows all data in the same timestamp. I need help to make splunk use the date field instead of the creation time.

Tags (4)
Reply
1 Solution
Solved! Jump to solution
Solution

aljohnson_splun
Splunk Employee
Splunk Employee
‎01-09-2015 11:14 AM

You just need to configure the time when you input the data:

Say I have a sample CSV like this:

time    x   y   z
11/11/11    1   2   6
12/12/12    12  3   6
12/13/13    2   4   6
12/14/14    35  4   8

First, add the data (the file)

alt text

Secondly, configure the timestamp field (optional in this case) and timestamp format

alt text

Which for this example, looks like %m/%d/%y - this is called strptime format

alt text

View solution in original post

Preview file
1 KB
Preview file
1 KB
Reply
Solved! Jump to solution
Solution

aljohnson_splun
Splunk Employee
Splunk Employee
‎01-09-2015 11:14 AM

You just need to configure the time when you input the data:

Say I have a sample CSV like this:

time    x   y   z
11/11/11    1   2   6
12/12/12    12  3   6
12/13/13    2   4   6
12/14/14    35  4   8

First, add the data (the file)

alt text

Secondly, configure the timestamp field (optional in this case) and timestamp format

alt text

Which for this example, looks like %m/%d/%y - this is called strptime format

alt text

Preview file
1 KB
Preview file
1 KB
Reply
Solved! Jump to solution

aljohnson_splun
Splunk Employee
Splunk Employee
‎01-09-2015 11:15 AM

You may benefit from reading on how timestamp assignment works in Splunk

Reply
Solved! Jump to solution

sushmitha_mj
Communicator
‎01-09-2015 01:14 PM

That was a really simple fix !! Thank you so much .

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...