I have a non-standard timestamp that I want to extract. The value after the word Hour is the actual hour of the day in military time, so 0 is between 12 and 1am... and so on and so forth till hour 23. Don't care about minutes or seconds.
Splunkd is not spitting out any debug info, but it is not breaking it up.
Example 1: August 13, 2013, Hour 0 300:A 1
Example 2: August 13, 2013, Hour 1 300:A general
Here is my complete datetime.xml:
Why is this not working? I hard-coded the actual month "August" to test and make sure it was not my regex, but it is all mashing the events into one.
Here is my props.conf:
Here is what it looks like in Splunk: