Configuring the PowerConnect Cloud Agent to Extract Timestamps

Overview

The PowerConnect Cloud agent can be configured to extract timestamps from the source events. By default the Inputs assign the _time field in Splunk to the timestamp when the event was collected. This behaviour can be modified so an Input assigns the _time field to a timestamp from the source event instead.

Note - currently in version 1.0.8 only the CPI message input supports timestamp extract but others will be supported in the next version 1.0.9.

Configuring a Timestamp for an Input

• Whilst creating an Input or editing an existing Input click on the Timestamp tab
  
  

  Open

  

• In the Timestamp Field dropdown choose a field from the event to use as the _time field in Splunk. Only fields mapped as Date/Timestamps will be shown

• Click Save