Hello,
In my case the filenames are like Incidentes.YYYYMMDD.csv, to study backlogs with daily granularity.
I solved it by looking for a field with date and hour to obtain only the hour. TIME_PREFIX removes the date and TIME_FORMAT obtains the hour, so we jump to step 5 of http://docs.splunk.com/Documentation/SplunkCloud/6.6.1/Data/HowSplunkextractstimestamps
[csv_backlog]
DATETIME_CONFIG =
FIELD_DELIMITER = tab
INDEXED_EXTRACTIONS = csv
KV_MODE = none
MAX_DAYS_HENCE =
MAX_DIFF_SECS_AGO = 86400
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = false
TIMESTAMP_FIELDS = your field with date and hour
TIME_FORMAT = %H:%M:%S
TIME_PREFIX = \d{1,2}/\d{1,2}/\d{2,4}
category = Custom
description = Comma-separated value format. Set header and other settings in "Delimited Settings"
disabled = false
pulldown_type = true
I hope it can help you.
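An added example, not part of the original post and not Splunk's own code: a small Python emulation of the behaviour the post describes, for checking TIME_PREFIX and TIME_FORMAT against sample rows before deploying the stanza. It assumes the date sits between the dots of the file name as in Incidentes.YYYYMMDD.csv; the function names and the sample row are constructed for illustration.

```python
import re
from datetime import datetime

# Values taken from the props.conf stanza in the post.
TIME_PREFIX = re.compile(r"\d{1,2}/\d{1,2}/\d{2,4}")
TIME_FORMAT = "%H:%M:%S"
# Assumption: file names look like Incidentes.YYYYMMDD.csv.
SOURCE_DATE = re.compile(r"\.(\d{8})\.csv$")
TIME_TOKEN = re.compile(r"\s*(\d{1,2}:\d{2}:\d{2})")


def time_of_day(field_value):
    """Skip the date matched by TIME_PREFIX, then parse the time that follows."""
    prefix = TIME_PREFIX.search(field_value)
    if prefix is None:
        return None  # no date in the field, so the prefix never matches
    token = TIME_TOKEN.match(field_value, prefix.end())
    if token is None:
        return None
    try:
        return datetime.strptime(token.group(1), TIME_FORMAT).time()
    except ValueError:
        return None  # e.g. 25:00:00


def date_from_source(source):
    """Take the date from the file name, as the post relies on."""
    m = SOURCE_DATE.search(source)
    if m is None:
        return None
    try:
        return datetime.strptime(m.group(1), "%Y%m%d").date()
    except ValueError:
        return None  # eight digits that are not a calendar date


def event_time(field_value, source):
    """Combine the file-name date with the time of day from the row."""
    t, d = time_of_day(field_value), date_from_source(source)
    return None if t is None or d is None else datetime.combine(d, t)


if __name__ == "__main__":
    # Constructed row: the field's own date (11/05/2017) is discarded on purpose.
    print(event_time("11/05/2017 14:23:10", "Incidentes.20170512.csv"))
```

The row's own date is ignored and the file's date is used, which is what places every row of a daily export on that day's snapshot.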