I am continuously indexing data from CSV file. Events only have time stamp without date. Splunk has automatically extracted time stamp and used file modified date to use it as date with in time stamp. Please find below example.
FIELDS = "File", "Time", "Copy", "Open", "Save", "Close"
3 » 16/07/2012 23:58:25.000 50K.xls 23:58:25 0.0156 0.7813 0.6719 0.0469
4 » 16/07/2012 23:58:19.000 50K.ppt 23:58:19 0.0156 0.9219 0.5625 0.0313
So if the next even arrives at 00:01:02, the splunk will assign it a date of 16/07/2012 instead of automatically detecting a day change and assign it date of 17/07/2012. Please can you help me to identify that how this problem can fixed.
Please find below an examples where following events should have assigned date of 17/07/2012 but they were assigned incorrect date of 16/07/2012
16/07/2012 00:09:02.000 500K.xls 00:09:02 0.0150 4.0161 1.4529 0.3600
3902 » 16/07/2012 00:08:52.000 500k.ppt 00:08:52 0.0160 5.9070 4.6250 0.0309
Thanks
... View more