I am indexing a simple CSV file locally on the Splunk server. I am trying to extract the correct timestamp from the CSV file (every line is an event), but Splunk keeps using the file's modified date as the timestamp. Below is the sample line from the CSV file and the regex I am trying. What am I doing wrong here?
Sample line
"03/04/2014","58.71","*",""," xxxxxxxxxxx9682"
Regex I have tried so far
\d{2}/\d{2}/\d{4}
^"\d{2}/\d{2}/\d{4}"
"\d{2}/\d{2}/\d{4}"
Also tried the following time format
%m/%d/%Y