I am struggling to get splunk to parse the timestamps properly in a CSV file (Firefox Web History log exported to CSV). I tried the default CSV type, and all I get is the CSV file's modtime listed as the timestamps. Here are the first few lines of the CSV (redacted):
4/3/07 0:36, some url,html,????
4/3/07 0:35,some url, html,?????
4/3/07 0:34,some url,html, ????
Here is what I have added to my props.conf file:
TIME_FORMAT = %M/%D/%Y %H:%M
SHOULD_LINEMERGE = false
MAX_TIMESTAMP_LOOKAHEAD = 19
Same error. Any advice appreciated as I am new to splunk and still figuring it out.
... View more