You got me going on the right track. Splunk was failing to parse timestamps. I managed to index several files properly, however, a couple files require a more complex regular expression for the preface pattern. The events are structured as follows:
"Justin Lang:2465-1-Lang","164","10/4/2012","10/25/2012",,4345.00,""
Do you happen to know how to write a regular expression that would allow splunk to parse the first date in the event: "10/4/2012"? I do not know regex very well. I tried "",""," Thanks for your help!
... View more