Knowledge Management

extract date from filename in Splunk with customized datetime.xml?

azaki
Explorer

hey All
i want to extract date from filename the file name is as following :
filename xxx9935_20190223.txt
datetime.xml is as following:

<datetime>
<define name="mynewdate" extract="year, month, day">
     <text><![CDATA[(?:^|source::).*?(?<!\d|\d\.|-)(?:20)?([901]\d)(0\d|1[012])([012]\d|3[01])(?!\d|-| {2,})]]></text>
</define>
<timePatterns>
     <use name="mynewdate"/>
</timePatterns>
<datePatterns>
     <use name="mynewdate"/>
</datePatterns>
</datetime>

and i edited the props.conf to be look like this

DATETIME_CONFIG = /etc/apps/mashreq_atm/default/datetime.xml

could any one check why this isn't working?

1 Solution

azaki
Explorer
0 Karma

azaki
Explorer

the problem is solved by following the steps in here recommended from the support:
https://www.splunk.com/blog/2009/12/02/configure-splunk-to-pull-a-date-out-of-a-non-standard-filenam...

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...