All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How is how_time set when experiencing TA-MS-AAD data indexing delays?

rayar
Contributor
‎01-16-2023 01:27 AM

I have configuration  for TA-MS-AAD and we see that we have delays 

trying to understand how _time is set 

Labels (1)
Labels
0 Karma
Reply

davidoff96
Path Finder
‎01-19-2023 01:27 PM

If I understand this correctly, this is for this add-on: https://splunkbase.splunk.com/app/3757

 

Which sourcetype are you seeing _time issues with? Each sourcetype has a different method of getting _time (some use "createdDateTime", others use CURRENT).

0 Karma
Reply

rayar
Contributor
‎01-22-2023 01:22 AM
02:05:192023-01-22 08:13:192023-01-22 06:08:00.000azure:eventhub
02:05:412023-01-22 08:08:412023-01-22 06:03:00.000azure:eventhub
02:05:412023-01-22 08:08:412023-01-22 06:03:00.000azure:eventhub
02:05:512023-01-22 08:08:512023-01-22 06:03:00.000azure:eventhub
02:05:512023-01-22 08:08:512023-01-22 06:03:00.000azure:eventhub
02:06:092023-01-22 08:09:092023-01-22 06:03:00.000azure:eventhub
02:06:092023-01-22 08:09:092023-01-22 06:03:00.000azure:eventhub
02:06:392023-01-22 08:20:392023-01-22 06:14:00.000azure:eventhub
02:07:082023-01-22 08:13:082023-01-22 06:06:00.000azure:eventhub
    
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...