Solved: How to find events with Timestamp issue

ma_anand1984 · ‎09-12-2012

I'm seeing the below error in splunkd.log of an indexer

WARN DateParserVerbose - Failed to parse timestamp.

The error does give me source file, host sourcetype. But it didnt give me the event for which the timestamp fails.

Only a fraction of the logs are having issues so im not able to find them.

Is there any way to better solve this?

adamw · ‎09-12-2012

If you're on 4.3, by far the easiest way to accomplish this is to use the data preview wizard using a sample log file from the host and sourcetype indicated in the log file.

It will assist you in generating the proper props.conf for that input.

View solution in original post

adamw · ‎09-12-2012

If you're on 4.3, by far the easiest way to accomplish this is to use the data preview wizard using a sample log file from the host and sourcetype indicated in the log file.

It will assist you in generating the proper props.conf for that input.

How to find events with Timestamp issue

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Are you a member of the Splunk Community?

How to find events with Timestamp issue

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2