Solved: How to find events with Timestamp issue

ma_anand1984 · ‎09-12-2012

I'm seeing the below error in splunkd.log of an indexer

WARN DateParserVerbose - Failed to parse timestamp.

The error does give me source file, host sourcetype. But it didnt give me the event for which the timestamp fails.

Only a fraction of the logs are having issues so im not able to find them.

Is there any way to better solve this?

adamw · ‎09-12-2012

If you're on 4.3, by far the easiest way to accomplish this is to use the data preview wizard using a sample log file from the host and sourcetype indicated in the log file.

It will assist you in generating the proper props.conf for that input.

View solution in original post

adamw · ‎09-12-2012

If you're on 4.3, by far the easiest way to accomplish this is to use the data preview wizard using a sample log file from the host and sourcetype indicated in the log file.

It will assist you in generating the proper props.conf for that input.

How to find events with Timestamp issue

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

Are you a member of the Splunk Community?

How to find events with Timestamp issue

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!