https://community.splunk.com/t5/Getting-Data-In/Timestamp-mismatch-occurring-from-events-with-the-Splunk/m-p/347738#M63858 <P>Hi Please help me fix this would like to consider the TIME stamp extracted from the events , but i see two different time format s in events as you can see in below events .<BR /> And , the search head settings has default time zone settings --- CST zone . <BR /> Here is the props.conf i have written . Please help me parse the correct time stamp.</P> <P>[smr]<BR /> pulldown_type = true<BR /> NO_BINARY_CHECK=true<BR /> disabled=false<BR /> SHOULD_LINEMERGE=true<BR /> MAX_TIMESTAMP_LOOKAHEAD=150<BR /> MAX_EVENTS=15000<BR /> TRUNCATE=100000</P> <P><IMG src="https://community.splunk.com/storage/temp/207017-mismatchh.png" alt="alt text" /></P> Tue, 29 Sep 2020 15:12:31 GMT guru865 2020-09-29T15:12:31Z https://community.splunk.com/t5/Getting-Data-In/Timestamp-mismatch-occurring-from-events-with-the-Splunk/m-p/347738#M63858 <P>Hi Please help me fix this would like to consider the TIME stamp extracted from the events , but i see two different time format s in events as you can see in below events .<BR /> And , the search head settings has default time zone settings --- CST zone . <BR /> Here is the props.conf i have written . Please help me parse the correct time stamp.</P> <P>[smr]<BR /> pulldown_type = true<BR /> NO_BINARY_CHECK=true<BR /> disabled=false<BR /> SHOULD_LINEMERGE=true<BR /> MAX_TIMESTAMP_LOOKAHEAD=150<BR /> MAX_EVENTS=15000<BR /> TRUNCATE=100000</P> <P><IMG src="https://community.splunk.com/storage/temp/207017-mismatchh.png" alt="alt text" /></P> Tue, 29 Sep 2020 15:12:31 GMT https://community.splunk.com/t5/Getting-Data-In/Timestamp-mismatch-occurring-from-events-with-the-Splunk/m-p/347738#M63858 guru865 2020-09-29T15:12:31Z https://community.splunk.com/t5/Getting-Data-In/Timestamp-mismatch-occurring-from-events-with-the-Splunk/m-p/347739#M63859 <P>See:</P> <P><A href="https://answers.splunk.com/answers/216905/how-to-handle-a-logfile-with-two-timestamps.html">https://answers.splunk.com/answers/216905/how-to-handle-a-logfile-with-two-timestamps.html</A></P> Thu, 03 Aug 2017 23:24:34 GMT https://community.splunk.com/t5/Getting-Data-In/Timestamp-mismatch-occurring-from-events-with-the-Splunk/m-p/347739#M63859 cpetterborg 2017-08-03T23:24:34Z https://community.splunk.com/t5/Getting-Data-In/Timestamp-mismatch-occurring-from-events-with-the-Splunk/m-p/347740#M63860 <P>I can see that the time off set with the actual events and the splunk time zone has 1 and half hour difference . one hours 30 mins diff.</P> Thu, 03 Aug 2017 23:25:25 GMT https://community.splunk.com/t5/Getting-Data-In/Timestamp-mismatch-occurring-from-events-with-the-Splunk/m-p/347740#M63860 guru865 2017-08-03T23:25:25Z