Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Date and time issue: Why event logs have timestamps 2017 and 2018?

Isaias_Garcia
Path Finder
‎06-18-2014 09:49 PM

Hi-

There is an issue in my Splunk regading time and date of each events. Some events have year2017,year2018 in the timestamp.Please help

3/12/18
6:14:00.000 PM

LATEST UPDATE : Mar 12 18:14  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.659host=xxxxxx   Options|  
sourcetype=lptvpn-too_small   Options|  
source=/var/log/lptvpn.log   Options|  
index=prod   Options|  
timeendpos=28   Options|  
timestartpos=16   Options

6/18/17
5:01:00.000 PM

LATEST UPDATE : Jun 18 17:01  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.869host=xxxxx   Options|  
sourcetype=lptvpn-too_small   Options|  
source=/var/log/lptvpn.log   Options|  
index=prod   Options|  
timeendpos=28   Options|  
timestartpos=16   Options


3/20/17
5:58:00.000 PM

LATEST UPDATE : Mar 20 17:58  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.675host=xxxxxx   Options|  
sourcetype=lptvpn-too_small   Options|  
source=/var/log/lptvpn.log   Options|  
index=prod   Options|  
timeendpos=28   Options|  
timestartpos=16   Options


3/19/17
5:46:00.000 PM

LATEST UPDATE : Mar 19 17:46  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.673host=xxxxx   Options|  
sourcetype=lptvpn-too_small   Options|  
source=/var/log/lptvpn.log   Options|  
index=prod   Options|  
timeendpos=28   Options|  
timestartpos=16   Options


6/17/16
4:13:00.000 PM

LATEST UPDATE : Jun 17 16:13  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.867host=xxxxx   Options|  
sourcetype=lptvpn-too_small   Options|  
source=/var/log/lptvpn.log   Options|  
index=prod   Options|  
timeendpos=28   Options|  
timestartpos=16   Options
Tags (3)
0 Karma
Reply

Isaias_Garcia
Path Finder
‎06-19-2014 07:22 PM

i already figured out this one. The splunk gets the timestamp on input of the eventlogs itself. The timestamp show 2018-03-12 because the input of the logs includes Mar 12 18:14.It seems that the timestamps read the time 18:14 (6:14PM) as year 2018.

0 Karma
Reply

lguinn2
Legend
‎06-19-2014 04:56 PM

We need to see the inputs.conf and props.conf that you are using to read this file.

0 Karma
Reply

Isaias_Garcia
Path Finder
‎06-18-2014 10:11 PM

Below is the extract. As you can see, the time and date of my logs have had discrepancies ( 2017, 2018,2016) .Thanks
_raw _time date_hour date_mday date_minute date_month date_wday date_year date_zone
LATEST UPDATE : Mar 12 18:14 LATEST ANTI-VIRUS DEFINITION : lpt$vpn.659 2018-03-12T18:14:00.000+1100 18 12 14 march monday 2018 660
LATEST UPDATE : Jun 18 17:01 LATEST ANTI-VIRUS DEFINITION : lpt$vpn.869 2017-06-18T17:01:00.000+1000 17 18 1 june sunday 2017 600
LATEST UPDATE : Mar 20 17:58 LATEST ANTI-VIRUS DEFINITION : lpt$vpn.675 2017-03-20T17:58:00.000+1100 17 20 58 march monday 2017 660

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...