Bug #1025: Improve handling of times - Syndication Input - LukeMurphey.net

Bug #1025

Improve handling of times

Added by Luke Murphey over 9 years ago. Updated almost 8 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Luke Murphey

Target version:

1.0.3

Start date:

07/08/2015

Due date:

% Done:

100%

Description

Improve the handling of time fields such that Splunk can recognize the published field (or the indexed time field).

See http://answers.splunk.com/answers/268261/rss-timestamp-for-syndication-app.html

Associated revisions

Revision 33 (diff)
Added by lmurphey almost 8 years ago

Adding calculated fields for published and updated dates

Closes #1025

History

#1 Updated by Luke Murphey over 8 years ago

Target version deleted (~~1.0.2~~)

#2 Updated by Luke Murphey almost 8 years ago

Target version set to 1.0.3

#3 Updated by Luke Murphey almost 8 years ago

I should be able to use evaluated fields to do this. Currently, you can use eval to parse the times in search:

| eval updated_date=strptime(updated,"%Y-%m-%dT%H:%M:%S")

#4 Updated by Luke Murphey almost 8 years ago

Fields to parse:

updated_parsed
published_parsed

#5 Updated by Anonymous almost 8 years ago

Status changed from New to Closed
% Done changed from 0 to 100

Applied in changeset splunk-syndication-input|r33.

Also available in: Atom PDF

Project

General

Profile

Splunk Apps » Syndication Input

Issues

Custom queries