Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Date and time issue: Why event logs have timestamps 2017 and 2018?

Isaias_Garcia
Path Finder
‎06-18-2014 09:49 PM

Hi-

There is an issue in my Splunk regading time and date of each events. Some events have year2017,year2018 in the timestamp.Please help

3/12/18
6:14:00.000 PM

LATEST UPDATE : Mar 12 18:14  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.659host=xxxxxx   Options|  
sourcetype=lptvpn-too_small   Options|  
source=/var/log/lptvpn.log   Options|  
index=prod   Options|  
timeendpos=28   Options|  
timestartpos=16   Options

6/18/17
5:01:00.000 PM

LATEST UPDATE : Jun 18 17:01  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.869host=xxxxx   Options|  
sourcetype=lptvpn-too_small   Options|  
source=/var/log/lptvpn.log   Options|  
index=prod   Options|  
timeendpos=28   Options|  
timestartpos=16   Options


3/20/17
5:58:00.000 PM

LATEST UPDATE : Mar 20 17:58  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.675host=xxxxxx   Options|  
sourcetype=lptvpn-too_small   Options|  
source=/var/log/lptvpn.log   Options|  
index=prod   Options|  
timeendpos=28   Options|  
timestartpos=16   Options


3/19/17
5:46:00.000 PM

LATEST UPDATE : Mar 19 17:46  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.673host=xxxxx   Options|  
sourcetype=lptvpn-too_small   Options|  
source=/var/log/lptvpn.log   Options|  
index=prod   Options|  
timeendpos=28   Options|  
timestartpos=16   Options


6/17/16
4:13:00.000 PM

LATEST UPDATE : Jun 17 16:13  LATEST ANTI-VIRUS DEFINITION : lpt$vpn.867host=xxxxx   Options|  
sourcetype=lptvpn-too_small   Options|  
source=/var/log/lptvpn.log   Options|  
index=prod   Options|  
timeendpos=28   Options|  
timestartpos=16   Options
Tags (3)
0 Karma
Reply

Isaias_Garcia
Path Finder
‎06-19-2014 07:22 PM

i already figured out this one. The splunk gets the timestamp on input of the eventlogs itself. The timestamp show 2018-03-12 because the input of the logs includes Mar 12 18:14.It seems that the timestamps read the time 18:14 (6:14PM) as year 2018.

0 Karma
Reply

lguinn2
Legend
‎06-19-2014 04:56 PM

We need to see the inputs.conf and props.conf that you are using to read this file.

0 Karma
Reply

Isaias_Garcia
Path Finder
‎06-18-2014 10:11 PM

Below is the extract. As you can see, the time and date of my logs have had discrepancies ( 2017, 2018,2016) .Thanks
_raw _time date_hour date_mday date_minute date_month date_wday date_year date_zone
LATEST UPDATE : Mar 12 18:14 LATEST ANTI-VIRUS DEFINITION : lpt$vpn.659 2018-03-12T18:14:00.000+1100 18 12 14 march monday 2018 660
LATEST UPDATE : Jun 18 17:01 LATEST ANTI-VIRUS DEFINITION : lpt$vpn.869 2017-06-18T17:01:00.000+1000 17 18 1 june sunday 2017 600
LATEST UPDATE : Mar 20 17:58 LATEST ANTI-VIRUS DEFINITION : lpt$vpn.675 2017-03-20T17:58:00.000+1100 17 20 58 march monday 2017 660

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

 Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team for an ...

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...