https://community.splunk.com/t5/Splunk-Dev/Ingesting-Cisco-ISE-logs-wrong-timestamp/m-p/417564#M7280 <P>No, but you gave me an awesome idea! </P> <P>If we can't install the TA directly, we are a University and getting these installs takes some effort, then I will bust open the props.conf on the Cisco ISE TA and use those stanzas as first stab. </P> <P>Thanks for sparking that idea!</P> Tue, 22 Jan 2019 17:26:51 GMT montgomeryam 2019-01-22T17:26:51Z https://community.splunk.com/t5/Splunk-Dev/Ingesting-Cisco-ISE-logs-wrong-timestamp/m-p/417562#M7278 <P>Hello! </P> <P>We are trying to track down issues with ingesting UDP syslog data from Cisco ISE in which it is being indexed in the wrong year timestamp. What I can see is that the events are often being collected as far back as 1986. I understand that we can utilize a props.conf to configure timestamp recognition on events that are missing identifiable timestamps.</P> <P>Anyone else have this issue and were you able to fix it in props.conf?</P> <P>Thanks!</P> Tue, 22 Jan 2019 17:11:47 GMT https://community.splunk.com/t5/Splunk-Dev/Ingesting-Cisco-ISE-logs-wrong-timestamp/m-p/417562#M7278 montgomeryam 2019-01-22T17:11:47Z https://community.splunk.com/t5/Splunk-Dev/Ingesting-Cisco-ISE-logs-wrong-timestamp/m-p/417563#M7279 <P>Did you try to use the TA for cisco ise? its for collecting ise syslog data<BR /> <A href="https://splunkbase.splunk.com/app/1915/#/overview">https://splunkbase.splunk.com/app/1915/#/overview</A></P> Tue, 22 Jan 2019 17:16:24 GMT https://community.splunk.com/t5/Splunk-Dev/Ingesting-Cisco-ISE-logs-wrong-timestamp/m-p/417563#M7279 dkeck 2019-01-22T17:16:24Z https://community.splunk.com/t5/Splunk-Dev/Ingesting-Cisco-ISE-logs-wrong-timestamp/m-p/417564#M7280 <P>No, but you gave me an awesome idea! </P> <P>If we can't install the TA directly, we are a University and getting these installs takes some effort, then I will bust open the props.conf on the Cisco ISE TA and use those stanzas as first stab. </P> <P>Thanks for sparking that idea!</P> Tue, 22 Jan 2019 17:26:51 GMT https://community.splunk.com/t5/Splunk-Dev/Ingesting-Cisco-ISE-logs-wrong-timestamp/m-p/417564#M7280 montgomeryam 2019-01-22T17:26:51Z https://community.splunk.com/t5/Splunk-Dev/Ingesting-Cisco-ISE-logs-wrong-timestamp/m-p/417565#M7281 <P>Happy to help. It would be great if you could accept the answer <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Thu, 24 Jan 2019 07:48:38 GMT https://community.splunk.com/t5/Splunk-Dev/Ingesting-Cisco-ISE-logs-wrong-timestamp/m-p/417565#M7281 dkeck 2019-01-24T07:48:38Z