hi
I'm trying to use Splunk Hadoop Connect to get data. I followed these steps:
1) install hadoop app
2) connect hadoop namenode
3) click "explore" on configure menu
4) click "data input" and I can set resource name, sourcetype , localhost , index
but I can't find "configuring timestamp"
Hadoop data has RDBMS structure, so I have to set the "DATE" field set as timestamp
please expert answer
Splunk should automatically pick up the date. If you need to configure date recognition, you will need to use props.conf.