So answering to myself. I tried above answers but where not quite what I was looking for.
Although I found how to do it following http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/Configuretimestamprecognition
As simple as to follow properly the formas supported:
strptime() format expression examples
Here are some sample date formats, with the strptime() expressions that handle them:
1998-12-31 %Y-%m-%d
98-12-31 %y-%m-%d
1998 years, 312 days %Y years, %j days
Jan 24, 2003 %b %d, %Y
January 24, 2003 %B %d, %Y
1397477611.862 %s.%3N
So when specifying timefield input, go to custom and specify the field that has the "date" and its format.
Thanks!
... View more