<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Trying to get SNMP data into Splunk, why am I getting error &amp;quot;A possible timestamp match is outside of the acceptable time window&amp;quot;? in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Trying-to-get-SNMP-data-into-Splunk-why-am-I-getting-error-quot/m-p/253657#M48704</link>
    <description>&lt;P&gt;I have followed the following links for getting SNMP Data into Splunk:&lt;/P&gt;

&lt;P&gt;&lt;A href="http://blogs.splunk.com/2013/11/06/adventures-with-snmp-and-cisco-nexus-pt1/"&gt;http://blogs.splunk.com/2013/11/06/adventures-with-snmp-and-cisco-nexus-pt1/&lt;/A&gt;&lt;BR /&gt;
&lt;A href="http://blogs.splunk.com/2013/11/06/adventures-with-snmp-and-cisco-nexus-pt2"&gt;http://blogs.splunk.com/2013/11/06/adventures-with-snmp-and-cisco-nexus-pt2&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;transforms.conf&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;[snmp_field_extractions]
REGEX=(.+?)::(.+?)\.\"((?:\d\.?)+)\"\s=\s\"(.*?)\"\s
FORMAT=mib::$1 oid::$2 snmp_index::$3 value::$4
MV_ADD=true

[snmp_keyvalue_extraction]
REGEX=(?:.+?)::(.+?)\.\"(?:(?:\d\.?)+)\"\s=\s\"(.*?)\"\s
FORMAT=$1::$2

[snmp_mib_uid]
REGEX = ([^:]+)::([^\.]+)\.("?)([^"]*)\3 = \"([^\"]*)\"(?= |\n|$)
FORMAT = MIB::$1 UID::$4 Name::$2 $2::$5 Value::$5
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;props.conf&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;[snmp_ta]
REPORT-snmpfieldvalues = snmp_field_extractions , snmp_keyvalue_extraction, snmp_mib_uid
DATETIME_CONFIG = NONE
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;However, I am getting following errors in the splunkd.log:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;08-29-2016 21:34:45.689 +0000 WARN  DateParserVerbose - A possible timestamp match (Sun Sep  9 01:46:40 2001) is outside of the acceptable time window. If this timestamp is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. Context: source::snmp://Nexus 6K Stats|host::67.178.30.20|nexus_snmp|
08-29-2016 21:34:45.689 +0000 WARN  DateParserVerbose - A possible timestamp match (Sun Sep  9 01:46:40 2001) is outside of the acceptable time window. If this timestamp is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. Context: source::snmp://Nexus 6K Stats|host::67.178.30.20|nexus_snmp|
08-29-2016 21:34:45.689 +0000 WARN  DateParserVerbose - A possible timestamp match (Sun Sep  9 01:46:40 2001) is outside of the acceptable time window. If this timestamp is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. Context: source::snmp://Nexus 6K Stats|host::67.178.30.20|nexus_snmp|
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;What could be the issue?&lt;/P&gt;

&lt;P&gt;Thanks&lt;/P&gt;</description>
    <pubDate>Mon, 29 Aug 2016 22:11:53 GMT</pubDate>
    <dc:creator>jgcsco</dc:creator>
    <dc:date>2016-08-29T22:11:53Z</dc:date>
    <item>
      <title>Trying to get SNMP data into Splunk, why am I getting error "A possible timestamp match is outside of the acceptable time window"?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Trying-to-get-SNMP-data-into-Splunk-why-am-I-getting-error-quot/m-p/253657#M48704</link>
      <description>&lt;P&gt;I have followed the following links for getting SNMP Data into Splunk:&lt;/P&gt;

&lt;P&gt;&lt;A href="http://blogs.splunk.com/2013/11/06/adventures-with-snmp-and-cisco-nexus-pt1/"&gt;http://blogs.splunk.com/2013/11/06/adventures-with-snmp-and-cisco-nexus-pt1/&lt;/A&gt;&lt;BR /&gt;
&lt;A href="http://blogs.splunk.com/2013/11/06/adventures-with-snmp-and-cisco-nexus-pt2"&gt;http://blogs.splunk.com/2013/11/06/adventures-with-snmp-and-cisco-nexus-pt2&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;transforms.conf&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;[snmp_field_extractions]
REGEX=(.+?)::(.+?)\.\"((?:\d\.?)+)\"\s=\s\"(.*?)\"\s
FORMAT=mib::$1 oid::$2 snmp_index::$3 value::$4
MV_ADD=true

[snmp_keyvalue_extraction]
REGEX=(?:.+?)::(.+?)\.\"(?:(?:\d\.?)+)\"\s=\s\"(.*?)\"\s
FORMAT=$1::$2

[snmp_mib_uid]
REGEX = ([^:]+)::([^\.]+)\.("?)([^"]*)\3 = \"([^\"]*)\"(?= |\n|$)
FORMAT = MIB::$1 UID::$4 Name::$2 $2::$5 Value::$5
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;props.conf&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;[snmp_ta]
REPORT-snmpfieldvalues = snmp_field_extractions , snmp_keyvalue_extraction, snmp_mib_uid
DATETIME_CONFIG = NONE
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;However, I am getting following errors in the splunkd.log:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;08-29-2016 21:34:45.689 +0000 WARN  DateParserVerbose - A possible timestamp match (Sun Sep  9 01:46:40 2001) is outside of the acceptable time window. If this timestamp is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. Context: source::snmp://Nexus 6K Stats|host::67.178.30.20|nexus_snmp|
08-29-2016 21:34:45.689 +0000 WARN  DateParserVerbose - A possible timestamp match (Sun Sep  9 01:46:40 2001) is outside of the acceptable time window. If this timestamp is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. Context: source::snmp://Nexus 6K Stats|host::67.178.30.20|nexus_snmp|
08-29-2016 21:34:45.689 +0000 WARN  DateParserVerbose - A possible timestamp match (Sun Sep  9 01:46:40 2001) is outside of the acceptable time window. If this timestamp is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. Context: source::snmp://Nexus 6K Stats|host::67.178.30.20|nexus_snmp|
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;What could be the issue?&lt;/P&gt;

&lt;P&gt;Thanks&lt;/P&gt;</description>
      <pubDate>Mon, 29 Aug 2016 22:11:53 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Trying-to-get-SNMP-data-into-Splunk-why-am-I-getting-error-quot/m-p/253657#M48704</guid>
      <dc:creator>jgcsco</dc:creator>
      <dc:date>2016-08-29T22:11:53Z</dc:date>
    </item>
    <item>
      <title>Re: Trying to get SNMP data into Splunk, why am I getting error "A possible timestamp match is outside of the acceptable time window"?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Trying-to-get-SNMP-data-into-Splunk-why-am-I-getting-error-quot/m-p/253658#M48705</link>
      <description>&lt;P&gt;I guess it's the problem of synchronisation. Please check it in your Splunk and target system. &lt;BR /&gt;
It looks the timestamps of events are beyond the local time windows of Splunk. &lt;/P&gt;

&lt;P&gt;If all the nodes have been synchronised, you can adjust the MAX_DAYS_AGO in props.conf. The timestamp in your event is in 2001, which is beyond the default scope. Give a bigger time window to MAX_DAYS_AGO, then Splunk can index it without that message. &lt;BR /&gt;
Details can be found as below&lt;BR /&gt;
&lt;A href="https://docs.splunk.com/Documentation/Splunk/6.4.3/Admin/Propsconf" target="_blank"&gt;https://docs.splunk.com/Documentation/Splunk/6.4.3/Admin/Propsconf&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 29 Sep 2020 10:50:55 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Trying-to-get-SNMP-data-into-Splunk-why-am-I-getting-error-quot/m-p/253658#M48705</guid>
      <dc:creator>ChrisYang</dc:creator>
      <dc:date>2020-09-29T10:50:55Z</dc:date>
    </item>
    <item>
      <title>Re: Trying to get SNMP data into Splunk, why am I getting error "A possible timestamp match is outside of the acceptable time window"?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Trying-to-get-SNMP-data-into-Splunk-why-am-I-getting-error-quot/m-p/253659#M48706</link>
      <description>&lt;P&gt;Hey jgcsco!&lt;/P&gt;

&lt;P&gt;do you have a props.conf entry called nexus_snmp that is still running the datetimeparser? If I am not mistaken, the "context" entry in the log points to source, hosts and sourcetype? Which I would expect to see snmp_ta.&lt;/P&gt;

&lt;P&gt;Been a while since I played with the mod input. Will try and confirm in my lab.&lt;/P&gt;</description>
      <pubDate>Tue, 29 Sep 2020 10:50:58 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Trying-to-get-SNMP-data-into-Splunk-why-am-I-getting-error-quot/m-p/253659#M48706</guid>
      <dc:creator>mattymo</dc:creator>
      <dc:date>2020-09-29T10:50:58Z</dc:date>
    </item>
  </channel>
</rss>

