How to extract timestamp (year, month, date) from ...

moaf13 · ‎10-27-2016

I have a file name that contains such timestamp:
"filenameexample_161128_kadjfkj.txt"
year(16) month(11) date(28)

how do i tell Splunk to use that date for indexing?

I have looked at many answers online including blogs, none of them worked. Maybe my regex is wrong?

DATETIME_CONFIG=/etc/system/local/my_datetime.xml</code>







....(default datetime setting in between) .....
....
....










"""""""""""""""

inventsekar · ‎10-28-2016

https://answers.splunk.com/answers/320978/how-to-extract-the-timestamp-from-a-filename-at-in.html
this post says the user created a splunk support case and the answer was - extracting a full timestamp from a filename is not currently supported in Splunk. There was lot of discussion on this post, please check it.

moaf13 · ‎10-28-2016

right, I understand it can not use the time and i only care about the date.

this was my regex in my_datetime.xml, please let me know if i did anything wrong

[CDATA[(?:^|source:|source::).*([123]\d)([01]\d)([0123]\d)[^0-9]]]

and i also changed the location of my_datetime.xml file path from local to default

DATETIME_CONFIG=/etc/system/default/my_datetime.xml

am i missing anything?

How to extract timestamp (year, month, date) from a filename?