How to extract timestamp( is in bold text ) from t...

srinathd · ‎02-18-2015

How to extract timestamp( is in bold text ) from the below event inside a file. Attached the source file. Each file content is considered as single event. currently it is taking file modification time as timestamp of the event. how to prevent this.

20150121
1
082142
08:21:42:379
99324

admin2
emergencey.2
0
xyz.23015521
too many times

150121082142379

FritzWittwer_ol · ‎02-18-2015

see http://docs.splunk.com/Documentation/Splunk/latest/Data/Handleeventtimestamps

using TIME_FORMAT = %d%m%Y%H%M%S

should do the trick

FritzWittwer_ol · ‎02-19-2015

well the TIME_format is certainly wrong, what format is 150121082142379 seconds since the epoc seems not to fit as well

srinathd · ‎02-19-2015

I tried with TIME_FORMAT. But it is not working.

How to extract timestamp( is in bold text ) from the below event inside a file. Attached the source file. Each file content is considered as single event. currently it is taking file modification time as timestamp of the event. how to prevent this.

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!