Multiple time logs in one timestamp

jsryu0247 — Thu, 24 Jan 2019 05:06:07 GMT

Hello

Multiple time logs in one timestamp
example

19/01/24 10:28:51 [2019-01-24 10:28:51] DEBUG [SyslogReceiver.java:212] ## Syslog Process.
[2019-01-24 10:28:51] DEBUG [SyslogReceiver.java:179] #### Syslog Message received
[2019-01-24 10:28:51] DEBUG [SyslogReceiver.java:220] ## Syslog L3IP Process

i need field

19/01/24 10:28:51[2019-01-24 10:28:51] DEBUG [SyslogReceiver.java:212] ## Syslog Process.
19/01/24 10:28:51[2019-01-24 10:28:51] DEBUG [SyslogReceiver.java:179] #### Syslog Message received
19/01/24 10:28:51[2019-01-24 10:28:51] DEBUG [SyslogReceiver.java:220] ## Syslog L3IP Process

where is alter
$SPLUNK_HOME/etc/system/local/props.conf

thank you

Re: Multiple time logs in one timestamp

harsmarvania57 — Thu, 24 Jan 2019 12:22:31 GMT

Hi,

If you want to extract timestamp from your logs (which has different formats) then you can create custom datetime.xml which will extract correct timestamp, please refer https://answers.splunk.com/answers/692340/how-can-we-set-time-format-in-propsconf-where-the.html

topic Re: Multiple time logs in one timestamp in Splunk Search

Multiple time logs in one timestamp

Re: Multiple time logs in one timestamp