Hello,
I don't know if it is possible to get this setup. I should load into Splunk a log file with lots of events, but I am not able to set up the timestamp in the right way. In the filename, I can see the date and in the events the time as follows:
- Filename: LOG_14-07-09_1100.TST
- Events sample:
11000000 RSM2 MC0210 pcs013 ....
11010500 SSM7 MC2020 pkt023 ....
11030500 KSF3 MC4010 pkt313 ....
11100100 TRW71 MC1010 pkt021 ....
11122000 WRM1 MC1020 pkt013 ....
11330200 TWM31 MC0410 pkt118 ....
- So, the timestamp should be:
2014/07/09 - 11:00 AM
2014/07/09 - 11:01 AM
2014/07/09 - 11:03 AM
2014/07/09 - 11:10 AM
2014/07/09 - 11:12 AM
2014/07/09 - 11:33 AM
Any idea if this is possible? If so, how?
Thanks in advance,
How to configure Splunk to set the event timestamp based on filename for date and events for time?
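One way to approach the question above is to rewrite the events with a full timestamp before they are indexed. This is an added example, not part of the original post and not Splunk's own code. It assumes the filename carries YY-MM-DD, that the first six digits of each event are HHMMSS with the last two digits being hundredths of a second, and that events are in chronological order; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Assumed filename layout: LOG_<YY-MM-DD>_<HHMM>.<ext> (inferred from the post's one example).
FILENAME_RE = re.compile(r"LOG_(\d{2})-(\d{2})-(\d{2})_\d{4}\.\w+$")
# Assumed event layout: HHMMSS + two digits (treated as hundredths), then the payload.
EVENT_RE = re.compile(r"^(\d{2})(\d{2})(\d{2})(\d{2})\s+(.*)$")

def date_from_filename(filename):
    """Return the file's date at midnight; raise ValueError if the name does not match."""
    m = FILENAME_RE.search(filename)
    if not m:
        raise ValueError(f"unrecognised filename: {filename!r}")
    yy, mm, dd = (int(g) for g in m.groups())
    return datetime(2000 + yy, mm, dd)

def stamp_events(filename, lines):
    """Yield (datetime, payload) per event; lines without a valid leading time are skipped."""
    day = date_from_filename(filename)
    previous = None
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        hh, mi, ss, cs = (int(g) for g in m.groups()[:4])
        if hh > 23 or mi > 59 or ss > 59:
            continue
        ts = day + timedelta(hours=hh, minutes=mi, seconds=ss, milliseconds=cs * 10)
        # A jump back of more than 12 hours means the log crossed midnight.
        if previous is not None and previous - ts > timedelta(hours=12):
            day += timedelta(days=1)
            ts += timedelta(days=1)
        previous = ts
        yield ts, m.group(5)

# Constructed sample, taken from the filename and event lines shown in the post.
SAMPLE_FILE = "LOG_14-07-09_1100.TST"
SAMPLE_EVENTS = [
    "11000000 RSM2 MC0210 pcs013 ....",
    "11010500 SSM7 MC2020 pkt023 ....",
    "11330200 TWM31 MC0410 pkt118 ....",
]

if __name__ == "__main__":
    for ts, payload in stamp_events(SAMPLE_FILE, SAMPLE_EVENTS):
        # Emit a full, unambiguous timestamp in front of each original payload.
        print(ts.strftime("%Y-%m-%d %H:%M:%S.%f")[:-3], payload)
```

The rewritten lines carry the date and time together, so the indexer no longer has to combine the filename with the event text.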