Hi, I am new to using Splunk and am currently experimenting on my desktop using a few different add-ons.
I have been using the BT HomeHub app, which, although it doesn't seem to extract the log files from my newer BT SmartHub, does manage to perform regular speed tests, which has given me some nice data to play with.
That is, until 14:00 passes each day, when the way the time/date in the log file is parsed by Splunk seems to fail.
Before 2pm, Time field populated correctly: ![alt text][1]
After 2pm, Time field populated incorrectly: ![alt text][2]
Is this bug down to the way the App is coded, or is there a setting in Splunk I can change?
Alternatively, is there a way I can make my own 'time' field? I have managed to extract the individual parts of the date to individual fields but do not know how to combine these into a time field that Splunk can use, e.g. in a timechart.
Thanks, Andy
[1]: /storage/temp/275698-speedtest-before-2.png
[2]: /storage/temp/275699-speedtest-after-2.png