Getting Data In

Timestamp format

merp96
Path Finder

What could be the TIME_FORMAT=? for the below timestamp in event
2015-03-18 14:18:17 0.175

0 Karma
1 Solution

inventsekar
Ultra Champion

2015-03-18 14:18:17 0.175 --- may i know what is this 0. before 175(milli seconds)

please try this in props.conf:

 TIME_FORMAT = %Y-%d-%m %H:%M:%S

Best Regards,
Sekar

View solution in original post

inventsekar
Ultra Champion

2015-03-18 14:18:17 0.175 --- may i know what is this 0. before 175(milli seconds)

please try this in props.conf:

 TIME_FORMAT = %Y-%d-%m %H:%M:%S

Best Regards,
Sekar

merp96
Path Finder

I guess 0.175 is not part of timestamp. What do you think about it.

0 Karma

inventsekar
Ultra Champion

ok then, we can discard it. use only till %S
TIME_FORMAT = %Y-%d-%m %H:%M:%S

if "0." was not there, then, we can think of it as 175 milli seconds (%N).
may be its part of the remaining line.

0 Karma

merp96
Path Finder

yes I believe so, will check with the team logging the source
Thanks

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...