https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348172#M63924 <P>What is the expected interpretation of that log4j timestamp? Splunk's interpretation looks right to me.</P> Fri, 04 Aug 2017 12:49:59 GMT richgalloway 2017-08-04T12:49:59Z https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348171#M63923 <P>Hi at all,<BR /> I have a strange question, strange because it should be easy but it doesn't run!<BR /> I have log4j logs with a timesamp </P> <PRE><CODE>2017-07-26 00:05:21 DEBUG </CODE></PRE> <P>that is wrongly read by Splunk as</P> <PRE><CODE>7/26/17 12:05:21 AM </CODE></PRE> <P>I tried with and without TomeZone.</P> <P>How can I fix this problem? what I forgot (Holidays are coming <span class="lia-unicode-emoji" title=":winking_face:">😉</span> )?</P> <P>Bye.<BR /> Giuseppe</P> Fri, 04 Aug 2017 12:13:18 GMT https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348171#M63923 gcusello 2017-08-04T12:13:18Z https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348172#M63924 <P>What is the expected interpretation of that log4j timestamp? Splunk's interpretation looks right to me.</P> Fri, 04 Aug 2017 12:49:59 GMT https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348172#M63924 richgalloway 2017-08-04T12:49:59Z https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348173#M63925 <P>Probably I have an interpretation problem from the italian way to show hours:<BR /> 12 AM is followed by 1 AM, 2 AM and so on, correct?<BR /> In Italy we have 0 AM, 1 AM, 2AM and so on!<BR /> Bye.<BR /> Giuseppe</P> Fri, 04 Aug 2017 13:33:54 GMT https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348173#M63925 gcusello 2017-08-04T13:33:54Z https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348174#M63926 <P>@cusello, I dont think this is an issue with Time Stamp recognition only for log4j logs. By default this is how timestamp for _time would be displayed for any log.</P> <P>Try changing Splunk URL from US ( <CODE><A href="http://&lt;YourSplunkServer&gt;/en-US" target="test_blank">http://&lt;YourSplunkServer&gt;/en-US</A></CODE> ) to GB ( <CODE><A href="http://&lt;YourSplunkServer&gt;/en-GB" target="test_blank">http://&lt;YourSplunkServer&gt;/en-GB</A></CODE> )</P> <P>See if time is displayed as 00 hours instead of 12</P> Fri, 04 Aug 2017 14:22:24 GMT https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348174#M63926 niketn 2017-08-04T14:22:24Z https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348175#M63927 <P>@cusello, I dont think this is an issue with Time Stamp recognition only for log4j logs. By default this is how timestamp for _time would be displayed for any log.</P> <P>Try changing Splunk URL from US ( <CODE><A href="http://&lt;YourSplunkServer&gt;/en-US" target="test_blank">http://&lt;YourSplunkServer&gt;/en-US</A></CODE> ) to GB ( <CODE><A href="http://&lt;YourSplunkServer&gt;/en-GB" target="test_blank">http://&lt;YourSplunkServer&gt;/en-GB</A></CODE> )</P> <P>See if time is displayed as 00 hours instead of 12</P> Fri, 04 Aug 2017 14:22:24 GMT https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348175#M63927 niketn 2017-08-04T14:22:24Z https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348176#M63928 <P>Yes!<BR /> every day I learn!<BR /> Thank you.<BR /> Bye.<BR /> Giuseppe</P> Fri, 04 Aug 2017 14:54:36 GMT https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348176#M63928 gcusello 2017-08-04T14:54:36Z https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348177#M63929 <P>Cheers! Have a nice weekend <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 04 Aug 2017 16:43:12 GMT https://community.splunk.com/t5/Getting-Data-In/time-format-in-log4j/m-p/348177#M63929 niketn 2017-08-04T16:43:12Z