Failed to parse epoch timestamp for Checkpoint Opsec

rsimmons

Splunk Employee
01-08-2015
05:49 AM
Splunk isn't recognizing the date from the opsec.logs since the date is being sent in a localized format.

rsimmons

Splunk Employee
01-08-2015
05:49 AM
This can be resolved by modifying DATESTAMP = epoch ("unix"), and by doing this you don't need to set TZs. You will need to edit the DATESTAMP properties in the fw1-loggrabber.conf file so that it is indexed properly.
