Hey everyone.
I read all nearest posts about timestamp and still can't make it work.
So, i have events like this:
....................."2016-11-01T21:33:16.000+0300",splunk,splunk...............one, u'Baseline Effort': None, u'Labels': '', u'Updated': u'2016-11-02T20:17:13.000+0300', u'\u03a3 Progress_progress'................
I need take timestamp from Updated field
props.conf
[Jira]
DATETIME_CONFIG =
INDEXED_EXTRACTIONS = csv
KV_MODE = none
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = false
category = Custom
description =
disabled = false
pulldown_type = true
TIME_PREFIX = Updated': u'
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3N%z
↧