I'm trying to import a CSV format using Splunk.
The timestamp of the log is in the format YYYY/MM.
By default, Splunk fails to generate a timestamp since there is no hour, minute, and second information.
An example of an event (_raw) looks like this:
AB;ZZCAD;2016/01;22.79000000
I think that this should be working:
TIME_FORMAT=%Y/%m
TIME_PREFIX=(.){9}
MAX_TIMESTAMP_LOOKAHEAD=7
What am I doing wrong?