Getting Data In

Date and time issue: why do event logs have timestamps in 2017 and 2018?

Isaias_Garcia
Path Finder

Hi-

There is an issue in my Splunk regarding the time and date of each event. Some events have year 2017, year 2018 in the timestamp. Please help.

3/12/18
6:14:00.000 PM

LATEST UPDATE : Mar 12 18:14  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.659
host=xxxxxx
sourcetype=lptvpn-too_small
source=/var/log/lptvpn.log
index=prod
timeendpos=28
timestartpos=16

6/18/17
5:01:00.000 PM

LATEST UPDATE : Jun 18 17:01  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.869
host=xxxxx
sourcetype=lptvpn-too_small
source=/var/log/lptvpn.log
index=prod
timeendpos=28
timestartpos=16

3/20/17
5:58:00.000 PM

LATEST UPDATE : Mar 20 17:58  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.675
host=xxxxxx
sourcetype=lptvpn-too_small
source=/var/log/lptvpn.log
index=prod
timeendpos=28
timestartpos=16

3/19/17
5:46:00.000 PM

LATEST UPDATE : Mar 19 17:46  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.673
host=xxxxx
sourcetype=lptvpn-too_small
source=/var/log/lptvpn.log
index=prod
timeendpos=28
timestartpos=16

6/17/16
4:13:00.000 PM

LATEST UPDATE : Jun 17 16:13  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.867
host=xxxxx
sourcetype=lptvpn-too_small
source=/var/log/lptvpn.log
index=prod
timeendpos=28
timestartpos=16
0 Karma

Isaias_Garcia
Path Finder

I already figured out this one. Splunk gets the timestamp from the input of the event logs itself. The timestamp shows 2018-03-12 because the input of the logs includes Mar 12 18:14. It seems that the timestamp parser reads the time 18:14 (6:14 PM) as the year 2018.

0 Karma

lguinn2
Legend

We need to see the inputs.conf and props.conf that you are using to read this file.

0 Karma

Isaias_Garcia
Path Finder

Below is the extract. As you can see, the time and date of my logs have discrepancies (2017, 2018, 2016). Thanks

_raw: LATEST UPDATE : Mar 12 18:14 LATEST ANTI-VIRUS DEFINITION : lpt$vpn.659
_time=2018-03-12T18:14:00.000+1100 date_hour=18 date_mday=12 date_minute=14 date_month=march date_wday=monday date_year=2018 date_zone=660

_raw: LATEST UPDATE : Jun 18 17:01 LATEST ANTI-VIRUS DEFINITION : lpt$vpn.869
_time=2017-06-18T17:01:00.000+1000 date_hour=17 date_mday=18 date_minute=1 date_month=june date_wday=sunday date_year=2017 date_zone=600

_raw: LATEST UPDATE : Mar 20 17:58 LATEST ANTI-VIRUS DEFINITION : lpt$vpn.675
_time=2017-03-20T17:58:00.000+1100 date_hour=17 date_mday=20 date_minute=58 date_month=march date_wday=monday date_year=2017 date_zone=660

0 Karma
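The sourcetype in the events above is the auto-learned lptvpn-too_small, which Splunk assigns when a file has too little data to learn a sourcetype from, so no explicit timestamp settings are in force and lguinn2's request for props.conf is the right next step. The script below is an added example, not code from the thread or from Splunk: it dry-runs a proposed props.conf stanza (TIME_PREFIX, TIME_FORMAT, MAX_TIMESTAMP_LOOKAHEAD) against the _raw lines from the posted extract and compares the result with the _time values Splunk actually indexed. The stanza name lptvpn, the prefix regex, the lookahead of 12 and the reference year passed to the functions are assumptions; the log line carries no year, so the caller supplies the one the indexer would otherwise pick, which the thread does not show.

```python
"""Dry-run a props.conf timestamp stanza against sample Splunk events.

Added example, not code from the thread or from Splunk. It simulates
what TIME_PREFIX / TIME_FORMAT / MAX_TIMESTAMP_LOOKAHEAD ask the indexer
to do, so the stanza can be checked against real lines before the file
is re-indexed. The stanza name, the regex, the lookahead and the
reference year are assumptions; _raw and _time values are copied from
the extract posted in the thread.
"""
import configparser
import re
from datetime import datetime

# Proposed stanza (assumption: the monitor input is given an explicit
# sourcetype instead of the auto-learned 'lptvpn-too_small').
PROPS_CONF = r"""
[lptvpn]
TIME_PREFIX = ^LATEST UPDATE :\s
TIME_FORMAT = %b %d %H:%M
MAX_TIMESTAMP_LOOKAHEAD = 12
"""

# (_raw, _time) pairs as shown in the thread's extract; the log line
# carries no year, the indexer assigned one per event.
SAMPLE_EVENTS = [
    ("LATEST UPDATE : Mar 12 18:14 LATEST ANTI-VIRUS DEFINITION : lpt$vpn.659",
     "2018-03-12T18:14:00.000+1100"),
    ("LATEST UPDATE : Jun 18 17:01 LATEST ANTI-VIRUS DEFINITION : lpt$vpn.869",
     "2017-06-18T17:01:00.000+1000"),
    ("LATEST UPDATE : Mar 20 17:58 LATEST ANTI-VIRUS DEFINITION : lpt$vpn.675",
     "2017-03-20T17:58:00.000+1100"),
]


def load_stanza(text, stanza):
    """Return the key/value pairs of one props.conf stanza as a dict."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep props.conf keys case-sensitive
    parser.read_string(text)
    return dict(parser[stanza])


def extract_time(raw, settings, reference_year):
    """Apply the stanza to one _raw line the way the indexer would.

    TIME_PREFIX is a regex that must match before the timestamp;
    MAX_TIMESTAMP_LOOKAHEAD bounds how many characters after the prefix
    are handed to TIME_FORMAT. The format has no year, so the caller
    supplies the year the indexer would otherwise assume (assumption:
    taken from the file's modification time or the indexing date).
    """
    m = re.search(settings["TIME_PREFIX"], raw)
    if not m:
        raise ValueError("TIME_PREFIX did not match: %r" % raw)
    lookahead = int(settings.get("MAX_TIMESTAMP_LOOKAHEAD", 128))
    window = raw[m.end():m.end() + lookahead]
    # Prepend the year so strptime does not default to 1900.
    return datetime.strptime(
        "%d %s" % (reference_year, window), "%Y " + settings["TIME_FORMAT"]
    )


def simulate(events, reference_year, props_text=PROPS_CONF, stanza="lptvpn"):
    """Return the datetime the stanza would assign to each _raw line."""
    settings = load_stanza(props_text, stanza)
    return [extract_time(raw, settings, reference_year) for raw, _ in events]


def year_mismatches(events, reference_year):
    """Indexes of events whose indexed _time differs (year, hour, minute)
    from what the stanza would assign; non-empty means re-indexing."""
    simulated = simulate(events, reference_year)
    bad = []
    for i, ((_, indexed), sim) in enumerate(zip(events, simulated)):
        observed = datetime.strptime(indexed, "%Y-%m-%dT%H:%M:%S.%f%z")
        if (observed.year, observed.hour, observed.minute) != (
            sim.year, sim.hour, sim.minute
        ):
            bad.append(i)
    return bad


if __name__ == "__main__":
    for (raw, indexed), sim in zip(SAMPLE_EVENTS, simulate(SAMPLE_EVENTS, 2018)):
        print("%s  indexed=%s  stanza=%s" % (raw[16:28], indexed[:16], sim))
    print("events needing re-index:", year_mismatches(SAMPLE_EVENTS, 2018))
```

Timestamp settings in props.conf are applied at index time, so events already in the prod index keep the _time they were given; after the stanza is deployed the file has to be re-indexed (or a test copy indexed into a scratch index) and the date_year values checked again. The lookahead of 12 is exactly the width of "Mar 12 18:14" (timestartpos=16, timeendpos=28 in the posted events), which keeps the parser from reading anything past the minute field.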