A default field that represents time information in an event. Most events contain timestamps. In cases where an event does not contain timestamp information, Splunk Enterprise attempts to assign a timestamp value to the event at index time.
Splunk Enterprise uses timestamps to correlate events by time, to create the timeline histogram in Splunk Web, and to set time ranges for searches.
In the Knowledge Manager Manual:
In Getting Data In: