Hi,
I want to upload a csv file and use a the field "Period" (e.g. 2015-08) for the _time field.
I've created a sourcetype and defined the timestamp extraction like this:
time zone=UTC
timestamp format=%Y-%m
timestamp fields= Period
Splunk tells me:
*Could not use strptime to parse timestamp from "2015-08".
Failed to parse timestamp. Defaulting to file modtime.*
What am I doing wrong here?
I guess it is missing a day, but I hoped that it will do some kind of "bucket span=1mon" here
Cheers
Heinz
↧