Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question
Solved! Jump to solution

How to find events with Timestamp issue

ma_anand1984
Contributor
โ€Ž09-12-2012 12:20 AM

I'm seeing the below error in splunkd.log of an indexer

WARN DateParserVerbose - Failed to parse timestamp.

The error does give me source file, host sourcetype. But it didnt give me the event for which the timestamp fails.

Only a fraction of the logs are having issues so im not able to find them.

Is there any way to better solve this?

Reply
1 Solution
Solved! Jump to solution
Solution

adamw
Communicator
โ€Ž09-12-2012 08:54 PM

If you're on 4.3, by far the easiest way to accomplish this is to use the data preview wizard using a sample log file from the host and sourcetype indicated in the log file.

It will assist you in generating the proper props.conf for that input.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

adamw
Communicator
โ€Ž09-12-2012 08:54 PM

If you're on 4.3, by far the easiest way to accomplish this is to use the data preview wizard using a sample log file from the host and sourcetype indicated in the log file.

It will assist you in generating the proper props.conf for that input.

View solution in original post

0 Karma
Reply