Goodday,
I am a Newbie.
Am trying to ingest a stock price file into Splunk,
I open Splunk by using http://localhost:8000/en-US/...
This is the format of the stock price file:
01/08/2001,15:45,1255.50,1257.00,1251.50,1255.25,2099,0
01/08/2001,16:00,1255.25,1256.50,1248.25,1253.25,2227,0
01/08/2001,16:15,1253.25,1259.00,1248.25,1250.00,2642,0
01/08/2001,16:30,1249.75,1253.25,1248.25,1251.25,1791,0
01/08/2001,16:45,1251.50,1258.75,1251.25,1255.50,1726,0
Date format is mm/dd/yyyy and time format is HH:mm
So I tried Timestamp format: %m/%d/%Y,%H:%M (is this the correct approach?)
The other fields are: opening price, highest price of the day, lowest price of the day, closing price, volume, open interest
Now I receive a message "timestamp outside acceptable".
So I suspect I need to increase the MAX_DAYS_AGO, because this value is too small.
But which props.conf needs to be updated? I can see several props.conf files.
Thanks for your helps, guys,
Kind regards,
Aad
... View more